Enum CertificateBuilder.Algorithm

java.lang.Object
java.lang.Enum<CertificateBuilder.Algorithm>
io.netty.pkitesting.CertificateBuilder.Algorithm
All Implemented Interfaces:
Serializable, Comparable<CertificateBuilder.Algorithm>
Enclosing class:
CertificateBuilder

public static enum CertificateBuilder.Algorithm extends Enum<CertificateBuilder.Algorithm>
The CertificateBuilder.Algorithm enum encapsulates the key type, the key generation parameters, and the signature algorithm to use.
  • Enum Constant Summary

    Enum Constants
    Enum Constant - Description
    ecp256 - The NIST P-256 elliptic curve algorithm offers fast key generation, signing, and verification, with small keys and signatures, at 128 bits of security strength.
    ecp384 - The NIST P-384 elliptic curve algorithm offers fast key generation, signing, and verification, with small keys and signatures, at 192 bits of security strength.
    ed25519 - The Ed25519 algorithm offers fast key generation, signing, and verification, with very small keys and signatures, at 128 bits of security strength.
    ed448 - The Ed448 algorithm offers fast key generation, signing, and verification, with small keys and signatures, at 224 bits of security strength.
    mlDsa44 - The ML-DSA-44 algorithm is the NIST FIPS 204 version of the post-quantum Dilithium algorithm.
    mlDsa65 - The ML-DSA-65 algorithm is the NIST FIPS 204 version of the post-quantum Dilithium algorithm.
    mlDsa87 - The ML-DSA-87 algorithm is the NIST FIPS 204 version of the post-quantum Dilithium algorithm.
    mlKem1024 - The ML-KEM-1024 algorithm is the NIST FIPS 203 version of the post-quantum Kyber algorithm.
    mlKem512 - The ML-KEM-512 algorithm is the NIST FIPS 203 version of the post-quantum Kyber algorithm.
    mlKem768 - The ML-KEM-768 algorithm is the NIST FIPS 203 version of the post-quantum Kyber algorithm.
    rsa2048 - The 2048-bit RSA algorithm offers roughly 112 bits of security strength, at the cost of large keys and slightly expensive key generation.
    rsa3072 - The 3072-bit RSA algorithm offers roughly 128 bits of security strength, at the cost of large keys and fairly expensive key generation.
    rsa4096 - The 4096-bit RSA algorithm offers roughly greater than 128 bits of security strength, at the cost of large keys and very expensive key generation.
    rsa8192 - The 8192-bit RSA algorithm offers roughly greater than 192 bits of security strength, at the cost of very large keys and extremely expensive key generation.
  • Method Summary

    Modifier and Type, Method - Description
    KeyPair generateKeyPair(SecureRandom secureRandom) - Generate a new KeyPair using this algorithm, and the given SecureRandom generator.
    KeyPair generateKeyPair(SecureRandom secureRandom, Provider provider) - Generate a new KeyPair using this algorithm, and the given SecureRandom generator.
    boolean isSupported() - Tell whether this algorithm is supported in the current JVM.
    boolean supportSigning() - Discern if this algorithm can be used for signing.
    static CertificateBuilder.Algorithm valueOf(String name) - Returns the enum constant of this type with the specified name.
    static CertificateBuilder.Algorithm[] values() - Returns an array containing the constants of this enum type, in the order they are declared.

    Methods inherited from class Object

    getClass, notify, notifyAll, wait, wait, wait
  • Enum Constant Details

    • ecp256

      public static final CertificateBuilder.Algorithm ecp256
      The NIST P-256 elliptic curve algorithm offers fast key generation, signing, and verification, with small keys and signatures, at 128 bits of security strength.

      This algorithm is older than the Edwards curves, and is more widely supported.

    • ecp384

      public static final CertificateBuilder.Algorithm ecp384
      The NIST P-384 elliptic curve algorithm offers fast key generation, signing, and verification, with small keys and signatures, at 192 bits of security strength.

      This algorithm is older than the Edwards curves, and is more widely supported.

    • rsa2048

      public static final CertificateBuilder.Algorithm rsa2048
      The 2048-bit RSA algorithm offers roughly 112 bits of security strength, at the cost of large keys and slightly expensive key generation.

      This algorithm enjoys the widest support and compatibility, though.

    • rsa3072

      public static final CertificateBuilder.Algorithm rsa3072
      The 3072-bit RSA algorithm offers roughly 128 bits of security strength, at the cost of large keys and fairly expensive key generation.

      RSA enjoys pretty wide compatibility, though not all systems support keys this large.

    • rsa4096

      public static final CertificateBuilder.Algorithm rsa4096
      The 4096-bit RSA algorithm offers roughly greater than 128 bits of security strength, at the cost of large keys and very expensive key generation.

      RSA enjoys pretty wide compatibility, though not all systems support keys this large.

    • rsa8192

      public static final CertificateBuilder.Algorithm rsa8192
      The 8192-bit RSA algorithm offers roughly greater than 192 bits of security strength, at the cost of very large keys and extremely expensive key generation.

      RSA enjoys pretty wide compatibility, though not all systems support keys this large.

    • ed25519

      public static final CertificateBuilder.Algorithm ed25519
      The Ed25519 algorithm offers fast key generation, signing, and verification, with very small keys and signatures, at 128 bits of security strength.

      This algorithm was added in Java 15, and may not be supported everywhere.

    • ed448

      public static final CertificateBuilder.Algorithm ed448
      The Ed448 algorithm offers fast key generation, signing, and verification, with small keys and signatures, at 224 bits of security strength.

      This algorithm was added in Java 15, and may not be supported everywhere.

    • mlDsa44

      public static final CertificateBuilder.Algorithm mlDsa44
      The ML-DSA-44 algorithm is the NIST FIPS 204 version of the post-quantum Dilithium algorithm. It has 128 bits of classical security strength, and is claimed to meet NIST Level 2 quantum security strength (equivalent to finding a SHA-256 collision).

      This algorithm was added in Java 24, and may not be supported everywhere.

    • mlDsa65

      public static final CertificateBuilder.Algorithm mlDsa65
      The ML-DSA-65 algorithm is the NIST FIPS 204 version of the post-quantum Dilithium algorithm. It has 192 bits of classical security strength, and is claimed to meet NIST Level 3 quantum security strength (equivalent to finding the key for an AES-192 block).

      This algorithm was added in Java 24, and may not be supported everywhere.

    • mlDsa87

      public static final CertificateBuilder.Algorithm mlDsa87
      The ML-DSA-87 algorithm is the NIST FIPS 204 version of the post-quantum Dilithium algorithm. It has 256 bits of classical security strength, and is claimed to meet NIST Level 5 quantum security strength (equivalent to finding the key for an AES-256 block).

      This algorithm was added in Java 24, and may not be supported everywhere.

    • mlKem512

      public static final CertificateBuilder.Algorithm mlKem512
      The ML-KEM-512 algorithm is the NIST FIPS 203 version of the post-quantum Kyber algorithm. It has 128 bits of classical security strength, and is claimed to meet NIST Level 1 quantum security strength (equivalent to finding the key for an AES-128 block).

      This algorithm was added in Java 24, and may not be supported everywhere.

    • mlKem768

      public static final CertificateBuilder.Algorithm mlKem768
      The ML-KEM-768 algorithm is the NIST FIPS 203 version of the post-quantum Kyber algorithm. It has 192 bits of classical security strength, and is claimed to meet NIST Level 3 quantum security strength (equivalent to finding the key for an AES-192 block).

      This algorithm was added in Java 24, and may not be supported everywhere.

    • mlKem1024

      public static final CertificateBuilder.Algorithm mlKem1024
      The ML-KEM-1024 algorithm is the NIST FIPS 203 version of the post-quantum Kyber algorithm. It has 256 bits of classical security strength, and is claimed to meet NIST Level 5 quantum security strength (equivalent to finding the key for an AES-256 block).

      This algorithm was added in Java 24, and may not be supported everywhere.

  • Method Details

    • values

      public static CertificateBuilder.Algorithm[] values()
      Returns an array containing the constants of this enum type, in the order they are declared.
      Returns:
      an array containing the constants of this enum type, in the order they are declared
    • valueOf

      public static CertificateBuilder.Algorithm valueOf(String name)
      Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are not permitted.)
      Parameters:
      name - the name of the enum constant to be returned.
      Returns:
      the enum constant with the specified name
      Throws:
      IllegalArgumentException - if this enum type has no constant with the specified name
      NullPointerException - if the argument is null
    • generateKeyPair

      public KeyPair generateKeyPair(SecureRandom secureRandom) throws GeneralSecurityException
      Generate a new KeyPair using this algorithm, and the given SecureRandom generator.
      Parameters:
      secureRandom - The SecureRandom generator to use, not null.
      Returns:
      The generated KeyPair.
      Throws:
      GeneralSecurityException - if the key pair cannot be generated using this algorithm for some reason.
      UnsupportedOperationException - if this algorithm is not supported in the current JVM.
    • generateKeyPair

      public KeyPair generateKeyPair(SecureRandom secureRandom, Provider provider) throws GeneralSecurityException
      Generate a new KeyPair using this algorithm, and the given SecureRandom generator.
      Parameters:
      secureRandom - The SecureRandom generator to use, not null.
      provider - The Provider to use, when null, the default will be used.
      Returns:
      The generated KeyPair.
      Throws:
      GeneralSecurityException - if the key pair cannot be generated using this algorithm for some reason.
      UnsupportedOperationException - if this algorithm is not supported in the current JVM.
    • isSupported

      public boolean isSupported()
      Tell whether this algorithm is supported in the current JVM.
      Returns:
      true if this algorithm is supported.
    • supportSigning

      public boolean supportSigning()
      Discern if this algorithm can be used for signing. Algorithms need to support signing in order to create self-signed certificates, or to be used as signing issuers of other certificates.

      Note that this method only inspects a property of the algorithm, and does not check if the algorithm is supported in your environment.

      Returns:
      true if this algorithm can be used for signing, otherwise false.
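
      The note above means supportSigning() and isSupported() have to be checked together before an algorithm is used for a self-signed or issuing certificate. The following is an added example, not code from the Netty project; it calls only the methods documented on this page, and the class name AlgorithmSelection and the preference order in PREFERRED are assumptions made for illustration.

```java
import io.netty.pkitesting.CertificateBuilder.Algorithm;

import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.SecureRandom;

public final class AlgorithmSelection {
    // Assumed preference order for a test issuer; replace with your own policy.
    private static final Algorithm[] PREFERRED = {
        Algorithm.mlDsa65, Algorithm.ed25519, Algorithm.ecp256, Algorithm.rsa2048
    };

    /** Returns the first preferred algorithm that can sign and is available in this JVM. */
    static Algorithm pickSigningAlgorithm() {
        for (Algorithm candidate : PREFERRED) {
            // supportSigning() only inspects a property of the algorithm;
            // isSupported() is the separate check against the running JVM.
            if (candidate.supportSigning() && candidate.isSupported()) {
                return candidate;
            }
        }
        throw new IllegalStateException(
                "None of the preferred signing algorithms is supported by this JVM");
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Report both properties for every constant, so gaps on older JVMs are visible.
        for (Algorithm a : Algorithm.values()) {
            System.out.printf("%-10s supported=%-5b signing=%b%n",
                    a, a.isSupported(), a.supportSigning());
        }

        // Generate a key pair only after both checks passed, which avoids the
        // UnsupportedOperationException documented for generateKeyPair.
        Algorithm chosen = pickSigningAlgorithm();
        KeyPair keyPair = chosen.generateKeyPair(new SecureRandom());
        System.out.println(chosen + " -> " + keyPair.getPublic().getAlgorithm());
    }
}
```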