Documentation Contents

Descriptions of Images from Java Cryptography Architecture (JCA) Reference Guide

The following are text descriptions of images used in Java Cryptography Architecture (JCA) Reference Guide

Description of Figure 1: MD5 Message Digest Implementation

This figure consists of two diagrams. The first diagram represents an application that requests and MD5 algorithm implementation without specifying a provider name. The second diagram represents an application that requests and MD5 algorithm implementation from a specific provider:

Without Specifying Provider Name

This figure consists of five cylinders arranged in three rows. These cylinders, from top to bottom, are labeled as follows:

• Application
• Provider Framework
• This row contains three cylinders. Each cylinder in this row has an arrow pointing up towards the cylinder above it (Provider Framework):
  • ProviderA: Message Digest SHA-1 SHA-256 (this cylinder has an X on it)
  • ProviderB: Message Digest MD5 SHA-512 (this cylinder has a check mark on it)
  • ProviderC: Message Digest MD5 SHA-256

An arrow labeled MessageDigest_getInstance("MD5") with an arrow head labeled "MDS MessageDigest from ProviderB" starts from the Application cylinder and passes through the following objects:

• Provider Framework cylinder
• ProviderA arrow
• ProviderB arrow
• Provider Framework cylinder (again)

The arrow head points to the Application cylinder.

From Specific Provider

This figure consists of five cylinders arranged in three rows. These cylinders, from top to bottom, are labeled as follows:

• Application
• Provider Framework
• This row contains three cylinders. Each cylinder in this row has an arrow pointing up towards the cylinder above it (Provider Framework):
  • ProviderA: Message Digest SHA-1 SHA-256
  • ProviderB: Message Digest MD5 SHA-512
  • ProviderC: Message Digest MD5 SHA-256 (this cylinder has a check mark on it)

An arrow labeled MessageDigest_getInstance("MD5", "ProviderC") with an arrow head labeled "MDS MessageDigest from ProviderC" starts from the Application cylinder and passes through the following objects:

• Provider Framework cylinder
• ProviderC arrow
• Provider Framework cylinder (again)

The arrow head points to the Application cylinder.

Description of Figure 2: Example of How Application Retrieves "AES" Cipher Instance

This figure consists of five boxes:

• Application: This box contains the following pseudocode:

  c:Cipher.getInstance("AES");

• JCA/JCE: This box contains the following list:

  • Signature
  • Message Digest
  • Key Script Generator
  • Key Factory
  • Algorithm Parameters
  • Cipher
  • Key Agreement
  • Key Generator
  • Secret Key Factory
  • MAC

• CSP, CSP2, CSP3: These boxes represent cryptographic service providers

• The fifth box represents CSP3. It contains the following headers and pseudocode:

  • Provider.class

    "Cipher.AES" -> "com.foo.AESCipher"

  • com.foo.AESCipher.class

    package com.foo:
      class AESCipher extends CipherSPi {
        .
        .
        .
      }

Arrows connect the boxes as follows:

• From Application to JCA/JCE
• From JCA/JCE to CSP1, CSP2, and CSP3 (the arrow branches)

A dotted line connects CSP3 to the headings Provider.class and com.foo.AESCipher.class

Description of Figure 3: Example of Provider Subclass

This figure consists of a cylinder labeled Provider C and a box. Dotted lines are used to indicate that Provider C contains the contents of the box. The box contains the following headers and Java code:

• provider.java

  public class fooJCA extends Provider {
      .
      .
      .
      put("MessageDigest.MD5", "com.foo.MD5");
      .
      .
      .
  {}

• com.foo.MD5.java

  package com.foo;
  public class MD5 extends
      MessageDigestSpi {
      .
      .
      .
  }

Description of Figure 4: The SecureRandom Class

This figure consists of three boxes labeled as follows:

• Seed
• SecureRandom (SHA1PRNG)
• data

Labeled arrows connect these boxes:

• setSeed(): From Seed to SecureRandom (SHA1PRNG)
• digest() and nextBytes(): From SecureRandom (SHA1PRNG) to data

Description of Figure 5: The MessageDigest Class

This figure consists of three boxes labeled as follows:

• Data
• Message Digest (MD5)
• Digest/Hash

Labeled arrows connect these boxes:

• update(): From Data to Message Digest (MD5)
• digest(): From Message Digest (MD5) to Digest/Hash

Description of Figure 6: The Signature Class

This figure consists of boxes labeled as follows:

• Generated by a Key Pair Generator: Contains a box labeled Private Key/Public Key
• Data
• These two boxes are attached to each other:
  • Signature (MD5withRSA): Box 1 of 2
  • Sign
• Signature Bytes
• These two boxes are attached to each other:
  • Signature (MD5withRSA): Box 2 of 2
  • Verify
• Yes/No

Labeled arrows connect these boxes:

• update(): From Data to Signature (MD5withRSA) #1
• update(): From Data to Signature (MD5withRSA) #2
• sign(): From Signature (MD5withRSA) #1 to Signature Bytes
• verify(): From Signature Bytes Data to Signature (MD5withRSA) #2

Unlabeled arrows connect these boxes:

• From Generated by a Key Pair Generator to Signature (MD5withRSA) #1 and Signature (MD5withRSA) #2 (the arrow branches)
• From Signature (MD5withRSA) #2 to Yes/No

Description of Figure 7: The Cipher Class

This figure consists of boxes labeled as follows:

• Key: Contains a box labeled Secret Key
• Plaintext
• These two boxes are attached to each other:
  • Cipher (AES): Box 1 of 2
  • Encrypt
• Algorithm Parameters
• Ciphertext
• These two boxes are attached to each other:
  • Cipher (AES): Box 2 of 2
  • Decrypt
• Plaintext

Labeled arrows connect these boxes:

• update(): From Plaintext to the Cipher (AES) #1
• doFinal(): From Plaintext to Encrypt
• update(): From Ciphertext to the Cipher (AES) #2
• doFinal(): From Ciphertext to Decrypt

Unlabeled arrows connect these boxes:

• From Key to the Cipher (AES) #1 and Cipher (AES) #2 (the arrow branches)
• From Cipher (AES) #1 to Algorithm Parameters
• From Algorithm Parameters to the Cipher (AES) compartment of the Decrypt box
• From Cipher (AES) #2 to Plaintext
• From Decrypt to Plaintext

Description of Figure 8: The Mac Class

This figure consists of boxes labeled as follows:

• Data: Two boxes are labeled this
• MAC (HmacMD5): Two boxes are labeled this
• Shared Secret Key
• Signal Digest Hash: Two boxes are labeled this
• If data was the same, the hash is the same

Labeled arrows connect these boxes:

• update(): From Data #1 to MAC (HmacMD5) #1
• doFinal(): From Data #1 to MAC (HmacMD5) #1
• update(): From Data #2 to MAC (HmacMD5) #2
• doFinal(): From Data #2 to MAC (HmacMD5) #2

Unlabeled arrows connect these boxes:

• From Shared Secret Key to MAC (HmacMD5) (two separate arrows)
• From MAC (HmacMD5) #1 to Signed Digest Hash #1
• From MAC (HmacMD5) #2 to Signed Digest Hash #2
• From Signed Digest Hash #1 to If data was the same, the hash is the same
• From Signed Digest Hash #2 to If data was the same, the hash is the same

Description of Figure 9: Differences Between Generators and Factories

This figure consists of two diagrams:

Generators

This diagram contains the following caption: Generators — Generate new objects based on initialization parameters

It consists of boxes labeled as follows:

• Initialization Parameters (Key Length)
• Generator
• Object Secret Key

Unlabeled arrows connect these boxes:

• From Initialization Parameters (Key Length) to Generator
• From Generator to Object Secret Key

Factories

This diagram contains the following caption: Factories — Transform existing specific objects into other object types

It consists of boxes labeled as follows:

• Type 1 Key Spec
• Factory
• Type 2 Secret Key

Unlabeled arrows connect these boxes:

• From Type 1 Key Spec to Factory
• From Factory to Type 2 Secret Key

Description of Figure 10: The KeyFactory Class

This figure consists of boxes labeled as follows:

• Key Spec
• Key Factory (RSA): Two boxes are labeled this
• Private Key
• Public Key
• Key Spec

Labeled arrows connect these boxes:

• generatePrivate(): From Key Factory (RSA) #1 to Private Key
• generatePublic(): From Key Factory (RSA) #1 to Public Key
• getKeySpec(): From Key Factory (RSA) #2 to Key Spec

Unlabeled arrows connect these boxes:

• From Key Spec to Key Factory (RSA) #1
• From Key to Key Factory (RSA) #2

Description of Figure 11: The SecretKeyFactory Class

This figure consists of boxes labeled as follows:

• Key Spec: Two boxes are labeled this
• Secret Key Factory (DES): This box has a sublabel, generateSecret()
• Secret Key: Two boxes are labeled this
• Secret Key Factory (DES): This box has a sublabel, getKeySpec()

Unlabeled arrows connect these boxes:

• From Key Spec #1 to Secret Key Factory (DES), generateSecret()
• From Secret Key Factory (DES), generateSecret() to Secret Key #1
• From Secret Key #2 to Secret Key Factory (DES), getKeySpec()
• From Secret Key Factory (DES), getKeySpec() to Key Spec #2

Description of Figure 12: The KeyPairGenerator Class

This figure consists of boxes labeled as follows:

• These boxes are joined by the word "or":
  • key length
  • AlgorithmParameterSpec
• Key Pair Generator (DH)
• Key Pair
• Private Key
• Public Key

Labeled arrows connect these boxes:

• init(): From key length to Key Pair Generator (DH)
• init(): From AlgorithmParameterSpec to Key Pair Generator (DH)
• genKeyPair(): From Key Pair Generator (DH) to Key Pair
• getPrivate(): From Key Pair to Private Key
• getPublic(): From Key Pair to Public Key

Description of Figure 13: The KeyGenerator Class

This figure consists of boxes labeled as follows:

• These boxes are joined by the word "or":
  • key length
  • AlgorithmParameterSpec
• Key Generator (AES)
• Secret Key

Labeled arrows connect these boxes:

• init(): From key length to Key Generator (AES)
• init(): From AlgorithmParameterSpec to Key Generator (AES)
• generateKey(): From Key Generator (AES) to Secret Pair

Description of Figure 14: The KeyAgreement Class

This figure is divided into halves by a dashed line. The top half is labeled Alice, and the bottom half is labeled Bob. The figure consists of boxes labeled as follows:

• These boxes are in Alice's half:
  • Key: This box contains a box labeled Alice's Private
  • Key: This box contains a box labeled Bob's Public
  • Key Agreement (DH)
  • Bytes: This box has another label, Bytes
• These boxes are in Bob's half:
  • Key: This box contains a box labeled Bob's Private
  • Key: This box contains a box labeled Alice's Public
  • Key Agreement (DH)
  • Bytes: This box has another label, Bytes

Labeled arrows connect these boxes:

• These arrows are in Alice's half:
  • init(): From Alice's Private Key to Key Agreement (DH)
  • doPhase(): From Bob's Public Key to Key Agreement (DH)
  • generateSecret(): From Key Agreement (DH) to Bytes
• These arrows are in Bob's half:
  • init(): From Bob's Private Key to Key Agreement (DH)
  • doPhase(): From Alice's Public Key to Key Agreement (DH)
  • generateSecret(): From Key Agreement (DH) to Bytes

A double-headed arrow joins the Bytes boxes in Alice's and Bob's halves. This arrow is labeled "Should be the same."

• init(): From key length to Key Generator (AES)
• init(): From AlgorithmParameterSpec to Key Generator (AES)
• generateKey(): From Key Generator (AES) to Secret Pair

Description of Figure 15: The KeyStore Class

This figure consists of a table labeled JKS and a cylinder labeled File.

The table JKS contains the following:

An arrow labeled store() points from the JKS table to the File cylinder. An arrow labeled load() points from the File cylinder to the JKS cylinder.

Description of Figure 16: SSL Messages

This figure contains two lists of steps that are next to each other. The list to the left is labeled Client. The list to the right is labeled Server.

The Client list contains the following items:

• 1. Client hello
• 7. Certificate optional
• 8. Client key exchange
• 9. Certificate verify optional
• 10. Change cipher spec
• 11. Finished
• 14. Encrypted data
• 15. Close messages

Five empty lines separate item 1. Client hello and item 7. Certificate. Two empty lines separate item 11. Finished and item 14. Finished.

The Server list contains the following items:

• 2. Server hello
• 3. Certificate optional
• 4. Certificate request optional
• 5. Server key exchange optional
• 6. Server hello done
• 12. Change cipher spec
• 13. Finished
• 14. Encrypted data
• 15. Close messages

Five empty lines separate item 6. Server hello done and item 12. Change cipher spec.

An arrow points from each item in the Client list to the corresponding empty line in the Server list. Similarly, an arrow points from each item in the Server list to the corresponding empty line in the Client list. For items 14 and 15 in the Client and Server lists, double-headed arrows connect them instead.

---

Copyright © 1993, 2013, Oracle and/or its affiliates. All rights reserved.

Contact Us