Package io.netty.pkitesting

Enum CertificateBuilder.Algorithm

    • Enum Constant Summary

      Enum Constants 
      Enum Constant Description
      ecp256
      The NIST P-256 elliptic curve algorithm, offer fast key generation, signing, and verification, with small keys and signatures, at 128-bits of security strength.
      ecp384
      The NIST P-384 elliptic curve algorithm, offer fast key generation, signing, and verification, with small keys and signatures, at 192-bits of security strength.
      ed25519
      The Ed25519 algorithm offer fast key generation, signing, and verification, with very small keys and signatures, at 128-bits of security strength.
      ed448
      The Ed448 algorithm offer fast key generation, signing, and verification, with small keys and signatures, at 224-bits of security strength.
      mlDsa44
      The ML-DSA-44 algorithm is the NIST FIPS 204 version of the post-quantum Dilithium algorithm.
      mlDsa65
      The ML-DSA-65 algorithm is the NIST FIPS 204 version of the post-quantum Dilithium algorithm.
      mlDsa87
      The ML-DSA-87 algorithm is the NIST FIPS 204 version of the post-quantum Dilithium algorithm.
      mlKem1024
      The ML-KEM-1024 algorithm is the NIST FIPS 203 version of the post-quantum Kyber algorithm.
      mlKem512
      The ML-KEM-512 algorithm is the NIST FIPS 203 version of the post-quantum Kyber algorithm.
      mlKem768
      The ML-KEM-768 algorithm is the NIST FIPS 203 version of the post-quantum Kyber algorithm.
      rsa2048
      The 2048-bit RSA algorithm offer roughly 112-bits of security strength, at the cost of large keys and slightly expensive key generation.
      rsa3072
      The 3072-bit RSA algorithm offer roughly 128-bits of security strength, at the cost of large keys and fairly expensive key generation.
      rsa4096
      The 4096-bit RSA algorithm offer roughly greater than 128-bits of security strength, at the cost of large keys and very expensive key generation.
      rsa8192
      The 8192-bit RSA algorithm offer roughly greater than 192-bits of security strength, at the cost of very large keys and extremely expensive key generation.
      slhDsaSha2_128f
      The SLH-DSA-SHA2-128f algorithm is the NIST FIPS 205 of the post-quantum SPHINCS+ algorithm.
      slhDsaSha2_128s
      The SLH-DSA-SHA2-128s algorithm is the NIST FIPS 205 of the post-quantum SPHINCS+ algorithm.
      slhDsaSha2_192f
      The SLH-DSA-SHA2-192f algorithm is the NIST FIPS 205 of the post-quantum SPHINCS+ algorithm.
      slhDsaSha2_192s
      The SLH-DSA-SHA2-192 algorithm is the NIST FIPS 205 of the post-quantum SPHINCS+ algorithm.
      slhDsaSha2_256f
      The SLH-DSA-SHA2-256f algorithm is the NIST FIPS 205 of the post-quantum SPHINCS+ algorithm.
      slhDsaSha2_256s
      The SLH-DSA-SHA2-256s algorithm is the NIST FIPS 205 of the post-quantum SPHINCS+ algorithm.
      slhDsaShake_128f
      The SLH-DSA-SHAKE-128f algorithm is the NIST FIPS 205 of the post-quantum SPHINCS+ algorithm.
      slhDsaShake_128s
      The SLH-DSA-SHAKE-128s algorithm is the NIST FIPS 205 of the post-quantum SPHINCS+ algorithm.
      slhDsaShake_192f
      The SLH-DSA-SHAKE-192f algorithm is the NIST FIPS 205 of the post-quantum SPHINCS+ algorithm.
      slhDsaShake_192s
      The SLH-DSA-SHAKE-192s algorithm is the NIST FIPS 205 of the post-quantum SPHINCS+ algorithm.
      slhDsaShake_256f
      The SLH-DSA-SHAKE-256f algorithm is the NIST FIPS 205 of the post-quantum SPHINCS+ algorithm.
      slhDsaShake_256s
      The SLH-DSA-SHAKE-256s algorithm is the NIST FIPS 205 of the post-quantum SPHINCS+ algorithm.

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      java.security.KeyPair generateKeyPair​(java.security.SecureRandom secureRandom)
      Generate a new KeyPair using this algorithm, and the given SecureRandom generator.
      java.security.KeyPair generateKeyPair​(java.security.SecureRandom secureRandom, java.security.Provider provider)
      Generate a new KeyPair using this algorithm, and the given SecureRandom generator.
      boolean isSupported()
      Tell whether this algorithm is supported in the current JVM.
      boolean supportSigning()
      Discern if this algorithm can be used for signing.
      static CertificateBuilder.Algorithm valueOf​(java.lang.String name)
      Returns the enum constant of this type with the specified name.
      static CertificateBuilder.Algorithm[] values()
      Returns an array containing the constants of this enum type, in the order they are declared.

      • Methods inherited from class java.lang.Enum

        clone, compareTo, equals, finalize, getDeclaringClass, hashCode, name, ordinal, toString, valueOf

      • Methods inherited from class java.lang.Object

        getClass, notify, notifyAll, wait, wait, wait

    • Enum Constant Detail

      • ecp256

        public static final CertificateBuilder.Algorithm ecp256
        The NIST P-256 elliptic curve algorithm, offer fast key generation, signing, and verification, with small keys and signatures, at 128-bits of security strength.

        This algorithm is older than the Edwards curves, and are more widely supported.

      • ecp384

        public static final CertificateBuilder.Algorithm ecp384
        The NIST P-384 elliptic curve algorithm, offer fast key generation, signing, and verification, with small keys and signatures, at 192-bits of security strength.

        This algorithm is older than the Edwards curves, and are more widely supported.

      • rsa2048

        public static final CertificateBuilder.Algorithm rsa2048
        The 2048-bit RSA algorithm offer roughly 112-bits of security strength, at the cost of large keys and slightly expensive key generation.

        This algorithm enjoy the widest support and compatibility, though.

      • rsa3072

        public static final CertificateBuilder.Algorithm rsa3072
        The 3072-bit RSA algorithm offer roughly 128-bits of security strength, at the cost of large keys and fairly expensive key generation.

        RSA enjoy pretty wide compatibility, though not all systems support keys this large.

      • rsa4096

        public static final CertificateBuilder.Algorithm rsa4096
        The 4096-bit RSA algorithm offer roughly greater than 128-bits of security strength, at the cost of large keys and very expensive key generation.

        RSA enjoy pretty wide compatibility, though not all systems support keys this large.

      • rsa8192

        public static final CertificateBuilder.Algorithm rsa8192
        The 8192-bit RSA algorithm offer roughly greater than 192-bits of security strength, at the cost of very large keys and extremely expensive key generation.

        RSA enjoy pretty wide compatibility, though not all systems support keys this large.

      • ed25519

        public static final CertificateBuilder.Algorithm ed25519
        The Ed25519 algorithm offer fast key generation, signing, and verification, with very small keys and signatures, at 128-bits of security strength.

        This algorithm was added in Java 15, and may not be supported everywhere.

      • ed448

        public static final CertificateBuilder.Algorithm ed448
        The Ed448 algorithm offer fast key generation, signing, and verification, with small keys and signatures, at 224-bits of security strength.

        This algorithm was added in Java 15, and may not be supported everywhere.

      • mlDsa44

        public static final CertificateBuilder.Algorithm mlDsa44
        The ML-DSA-44 algorithm is the NIST FIPS 204 version of the post-quantum Dilithium algorithm. It has 128-bits of classical security strength, and is claimed to meet NIST Level 2 quantum security strength (equivalent to finding a SHA-256 collision).

        This algorithm was added in Java 24, and may not be supported everywhere.

      • mlDsa65

        public static final CertificateBuilder.Algorithm mlDsa65
        The ML-DSA-65 algorithm is the NIST FIPS 204 version of the post-quantum Dilithium algorithm. It has 192-bits of classical security strength, and is claimed to meet NIST Level 3 quantum security strength (equivalent to finding the key for an AES-192 block).

        This algorithm was added in Java 24, and may not be supported everywhere.

      • mlDsa87

        public static final CertificateBuilder.Algorithm mlDsa87
        The ML-DSA-87 algorithm is the NIST FIPS 204 version of the post-quantum Dilithium algorithm. It has 256-bits of classical security strength, and is claimed to meet NIST Level 5 quantum security strength (equivalent to finding the key for an AES-256 block).

        This algorithm was added in Java 24, and may not be supported everywhere.

      • mlKem512

        public static final CertificateBuilder.Algorithm mlKem512
        The ML-KEM-512 algorithm is the NIST FIPS 203 version of the post-quantum Kyber algorithm. It has 128-bits of classical security strength, and is claimed to meet NIST Level 1 quantum security strength (equivalent to finding the key for an AES-128 block).

        This algorithm was added in Java 24, and may not be supported everywhere.

      • mlKem768

        public static final CertificateBuilder.Algorithm mlKem768
        The ML-KEM-768 algorithm is the NIST FIPS 203 version of the post-quantum Kyber algorithm. It has 192-bits of classical security strength, and is claimed to meet NIST Level 3 quantum security strength (equivalent to finding the key for an AES-192 block).

        This algorithm was added in Java 24, and may not be supported everywhere.

      • mlKem1024

        public static final CertificateBuilder.Algorithm mlKem1024
        The ML-KEM-1024 algorithm is the NIST FIPS 203 version of the post-quantum Kyber algorithm. It has 256-bits of classical security strength, and is claimed to meet NIST Level 5 quantum security strength (equivalent to finding the key for an AES-256 block).

        This algorithm was added in Java 24, and may not be supported everywhere.

      • slhDsaSha2_128s

        public static final CertificateBuilder.Algorithm slhDsaSha2_128s
        The SLH-DSA-SHA2-128s algorithm is the NIST FIPS 205 of the post-quantum SPHINCS+ algorithm. It has 128-bits of classical security strength, and is claimed to meet NIST Level 1 quantum security strength (equivalent to finding the key for an AES-128 block).

        SLH-DSA algorithms with the 's' suffix have relatively smaller signatures but are much slower.

      • slhDsaSha2_128f

        public static final CertificateBuilder.Algorithm slhDsaSha2_128f
        The SLH-DSA-SHA2-128f algorithm is the NIST FIPS 205 of the post-quantum SPHINCS+ algorithm. It has 128-bits of classical security strength, and is claimed to meet NIST Level 1 quantum security strength (equivalent to finding the key for an AES-128 block).

        SLH-DSA algorithms with the 'f' suffix have larger signatures but are much faster.

      • slhDsaShake_128s

        public static final CertificateBuilder.Algorithm slhDsaShake_128s
        The SLH-DSA-SHAKE-128s algorithm is the NIST FIPS 205 of the post-quantum SPHINCS+ algorithm. It has 128-bits of classical security strength, and is claimed to meet NIST Level 1 quantum security strength (equivalent to finding the key for an AES-128 block).

        SLH-DSA algorithms with the 's' suffix have relatively smaller signatures but are much slower.

      • slhDsaShake_128f

        public static final CertificateBuilder.Algorithm slhDsaShake_128f
        The SLH-DSA-SHAKE-128f algorithm is the NIST FIPS 205 of the post-quantum SPHINCS+ algorithm. It has 128-bits of classical security strength, and is claimed to meet NIST Level 1 quantum security strength (equivalent to finding the key for an AES-128 block).

        SLH-DSA algorithms with the 'f' suffix have larger signatures but are much faster.

      • slhDsaSha2_192s

        public static final CertificateBuilder.Algorithm slhDsaSha2_192s
        The SLH-DSA-SHA2-192 algorithm is the NIST FIPS 205 of the post-quantum SPHINCS+ algorithm. It has 192-bits of classical security strength, and is claimed to meet NIST Level 3 quantum security strength (equivalent to finding the key for an AES-192 block).

        SLH-DSA algorithms with the 's' suffix have relatively smaller signatures but are much slower.

      • slhDsaSha2_192f

        public static final CertificateBuilder.Algorithm slhDsaSha2_192f
        The SLH-DSA-SHA2-192f algorithm is the NIST FIPS 205 of the post-quantum SPHINCS+ algorithm. It has 192-bits of classical security strength, and is claimed to meet NIST Level 3 quantum security strength (equivalent to finding the key for an AES-192 block).

        SLH-DSA algorithms with the 'f' suffix have larger signatures but are much faster.

      • slhDsaShake_192s

        public static final CertificateBuilder.Algorithm slhDsaShake_192s
        The SLH-DSA-SHAKE-192s algorithm is the NIST FIPS 205 of the post-quantum SPHINCS+ algorithm. It has 192-bits of classical security strength, and is claimed to meet NIST Level 3 quantum security strength (equivalent to finding the key for an AES-192 block).

        SLH-DSA algorithms with the 's' suffix have relatively smaller signatures but are much slower.

      • slhDsaShake_192f

        public static final CertificateBuilder.Algorithm slhDsaShake_192f
        The SLH-DSA-SHAKE-192f algorithm is the NIST FIPS 205 of the post-quantum SPHINCS+ algorithm. It has 192-bits of classical security strength, and is claimed to meet NIST Level 3 quantum security strength (equivalent to finding the key for an AES-192 block).

        SLH-DSA algorithms with the 'f' suffix have larger signatures but are much faster.

      • slhDsaSha2_256s

        public static final CertificateBuilder.Algorithm slhDsaSha2_256s
        The SLH-DSA-SHA2-256s algorithm is the NIST FIPS 205 of the post-quantum SPHINCS+ algorithm. It has 256-bits of classical security strength, and is claimed to meet NIST Level 5 quantum security strength (equivalent to finding the key for an AES-256 block).

        SLH-DSA algorithms with the 's' suffix have relatively smaller signatures but are much slower.

      • slhDsaSha2_256f

        public static final CertificateBuilder.Algorithm slhDsaSha2_256f
        The SLH-DSA-SHA2-256f algorithm is the NIST FIPS 205 of the post-quantum SPHINCS+ algorithm. It has 256-bits of classical security strength, and is claimed to meet NIST Level 5 quantum security strength (equivalent to finding the key for an AES-256 block).

        SLH-DSA algorithms with the 'f' suffix have larger signatures but are much faster.

      • slhDsaShake_256s

        public static final CertificateBuilder.Algorithm slhDsaShake_256s
        The SLH-DSA-SHAKE-256s algorithm is the NIST FIPS 205 of the post-quantum SPHINCS+ algorithm. It has 256-bits of classical security strength, and is claimed to meet NIST Level 5 quantum security strength (equivalent to finding the key for an AES-256 block).

        SLH-DSA algorithms with the 's' suffix have relatively smaller signatures but are much slower.

      • slhDsaShake_256f

        public static final CertificateBuilder.Algorithm slhDsaShake_256f
        The SLH-DSA-SHAKE-256f algorithm is the NIST FIPS 205 of the post-quantum SPHINCS+ algorithm. It has 256-bits of classical security strength, and is claimed to meet NIST Level 5 quantum security strength (equivalent to finding the key for an AES-256 block).

        SLH-DSA algorithms with the 'f' suffix have larger signatures but are much faster.

    • Method Detail

      • values

        public static CertificateBuilder.Algorithm[] values()
        Returns an array containing the constants of this enum type, in the order they are declared. This method may be used to iterate over the constants as follows: 
        for (CertificateBuilder.Algorithm c : CertificateBuilder.Algorithm.values())
    System.out.println(c);
        Returns:
        an array containing the constants of this enum type, in the order they are declared

      • valueOf

        public static CertificateBuilder.Algorithm valueOf​(java.lang.String name)
        Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are not permitted.)
        Parameters:
        name - the name of the enum constant to be returned.
        Returns:
        the enum constant with the specified name
        Throws:
        java.lang.IllegalArgumentException - if this enum type has no constant with the specified name
        java.lang.NullPointerException - if the argument is null

      • generateKeyPair

        public java.security.KeyPair generateKeyPair​(java.security.SecureRandom secureRandom)
                                      throws java.security.GeneralSecurityException
        Generate a new KeyPair using this algorithm, and the given SecureRandom generator.
        Parameters:
        secureRandom - The SecureRandom generator to use, not null.
        Returns:
        The generated KeyPair.
        Throws:
        java.security.GeneralSecurityException - if the key pair cannot be generated using this algorithm for some reason.
        java.lang.UnsupportedOperationException - if this algorithm is not support in the current JVM.

      • generateKeyPair

        public java.security.KeyPair generateKeyPair​(java.security.SecureRandom secureRandom,
                                             java.security.Provider provider)
                                      throws java.security.GeneralSecurityException
        Generate a new KeyPair using this algorithm, and the given SecureRandom generator.
        Parameters:
        secureRandom - The SecureRandom generator to use, not null.
        provider - The Provider to use, when null, the default will be used.
        Returns:
        The generated KeyPair.
        Throws:
        java.security.GeneralSecurityException - if the key pair cannot be generated using this algorithm for some reason.
        java.lang.UnsupportedOperationException - if this algorithm is not support in the current JVM.

      • isSupported

        public boolean isSupported()
        Tell whether this algorithm is supported in the current JVM.
        Returns:
        true if this algorithm is supported.

      • supportSigning

        public boolean supportSigning()
        Discern if this algorithm can be used for signing. Algorithms need to support signing in order to create self-signed certificates, or to be used as signing issuers of other certificates.

        Note that this method only inspects a property of the algorithm, and does not check if the algorithm is supported in your environment.

        Returns:
        true if this algorithm can be used for signing, otherwise false.