Package io.netty.pkitesting

Enum CertificateBuilder.Algorithm

    • Enum Constant Summary

      Enum Constants 
      Enum Constant Description
      ecp256
      The NIST P-256 elliptic curve algorithm, offer fast key generation, signing, and verification, with small keys and signatures, at 128-bits of security strength.
      ecp384
      The NIST P-384 elliptic curve algorithm, offer fast key generation, signing, and verification, with small keys and signatures, at 192-bits of security strength.
      ed25519
      The Ed25519 algorithm offer fast key generation, signing, and verification, with very small keys and signatures, at 128-bits of security strength.
      ed448
      The Ed448 algorithm offer fast key generation, signing, and verification, with small keys and signatures, at 224-bits of security strength.
      mlDsa44
      The ML-DSA-44 algorithm is the NIST FIPS 204 version of the post-quantum Dilithium algorithm.
      mlDsa65
      The ML-DSA-65 algorithm is the NIST FIPS 204 version of the post-quantum Dilithium algorithm.
      mlDsa87
      The ML-DSA-87 algorithm is the NIST FIPS 204 version of the post-quantum Dilithium algorithm.
      mlKem1024
      The ML-KEM-1024 algorithm is the NIST FIPS 203 version of the post-quantum Kyber algorithm.
      mlKem512
      The ML-KEM-512 algorithm is the NIST FIPS 203 version of the post-quantum Kyber algorithm.
      mlKem768
      The ML-KEM-768 algorithm is the NIST FIPS 203 version of the post-quantum Kyber algorithm.
      rsa2048
      The 2048-bit RSA algorithm offer roughly 112-bits of security strength, at the cost of large keys and slightly expensive key generation.
      rsa3072
      The 3072-bit RSA algorithm offer roughly 128-bits of security strength, at the cost of large keys and fairly expensive key generation.
      rsa4096
      The 4096-bit RSA algorithm offer roughly greater than 128-bits of security strength, at the cost of large keys and very expensive key generation.
      rsa8192
      The 8192-bit RSA algorithm offer roughly greater than 192-bits of security strength, at the cost of very large keys and extremely expensive key generation.

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      java.security.KeyPair generateKeyPair​(java.security.SecureRandom secureRandom)
      Generate a new KeyPair using this algorithm, and the given SecureRandom generator.
      boolean isSupported()
      Tell whether this algorithm is supported in the current JVM.
      boolean supportSigning()
      Discern if this algorithm can be used for signing.
      static CertificateBuilder.Algorithm valueOf​(java.lang.String name)
      Returns the enum constant of this type with the specified name.
      static CertificateBuilder.Algorithm[] values()
      Returns an array containing the constants of this enum type, in the order they are declared.

      • Methods inherited from class java.lang.Enum

        clone, compareTo, equals, finalize, getDeclaringClass, hashCode, name, ordinal, toString, valueOf

      • Methods inherited from class java.lang.Object

        getClass, notify, notifyAll, wait, wait, wait

    • Enum Constant Detail

      • ecp256

        public static final CertificateBuilder.Algorithm ecp256
        The NIST P-256 elliptic curve algorithm, offer fast key generation, signing, and verification, with small keys and signatures, at 128-bits of security strength.

        This algorithm is older than the Edwards curves, and are more widely supported.

      • ecp384

        public static final CertificateBuilder.Algorithm ecp384
        The NIST P-384 elliptic curve algorithm, offer fast key generation, signing, and verification, with small keys and signatures, at 192-bits of security strength.

        This algorithm is older than the Edwards curves, and are more widely supported.

      • rsa2048

        public static final CertificateBuilder.Algorithm rsa2048
        The 2048-bit RSA algorithm offer roughly 112-bits of security strength, at the cost of large keys and slightly expensive key generation.

        This algorithm enjoy the widest support and compatibility, though.

      • rsa3072

        public static final CertificateBuilder.Algorithm rsa3072
        The 3072-bit RSA algorithm offer roughly 128-bits of security strength, at the cost of large keys and fairly expensive key generation.

        RSA enjoy pretty wide compatibility, though not all systems support keys this large.

      • rsa4096

        public static final CertificateBuilder.Algorithm rsa4096
        The 4096-bit RSA algorithm offer roughly greater than 128-bits of security strength, at the cost of large keys and very expensive key generation.

        RSA enjoy pretty wide compatibility, though not all systems support keys this large.

      • rsa8192

        public static final CertificateBuilder.Algorithm rsa8192
        The 8192-bit RSA algorithm offer roughly greater than 192-bits of security strength, at the cost of very large keys and extremely expensive key generation.

        RSA enjoy pretty wide compatibility, though not all systems support keys this large.

      • ed25519

        public static final CertificateBuilder.Algorithm ed25519
        The Ed25519 algorithm offer fast key generation, signing, and verification, with very small keys and signatures, at 128-bits of security strength.

        This algorithm was added in Java 15, and may not be supported everywhere.

      • ed448

        public static final CertificateBuilder.Algorithm ed448
        The Ed448 algorithm offer fast key generation, signing, and verification, with small keys and signatures, at 224-bits of security strength.

        This algorithm was added in Java 15, and may not be supported everywhere.

      • mlDsa44

        public static final CertificateBuilder.Algorithm mlDsa44
        The ML-DSA-44 algorithm is the NIST FIPS 204 version of the post-quantum Dilithium algorithm. It has 128-bits of classical security strength, and is claimed to meet NIST Level 2 quantum security strength (equivalent to finding a SHA-256 collision).

        This algorithm was added in Java 24, and may not be supported everywhere.

      • mlDsa65

        public static final CertificateBuilder.Algorithm mlDsa65
        The ML-DSA-65 algorithm is the NIST FIPS 204 version of the post-quantum Dilithium algorithm. It has 192-bits of classical security strength, and is claimed to meet NIST Level 3 quantum security strength (equivalent to finding the key for an AES-192 block).

        This algorithm was added in Java 24, and may not be supported everywhere.

      • mlDsa87

        public static final CertificateBuilder.Algorithm mlDsa87
        The ML-DSA-87 algorithm is the NIST FIPS 204 version of the post-quantum Dilithium algorithm. It has 256-bits of classical security strength, and is claimed to meet NIST Level 5 quantum security strength (equivalent to finding the key for an AES-256 block).

        This algorithm was added in Java 24, and may not be supported everywhere.

      • mlKem512

        public static final CertificateBuilder.Algorithm mlKem512
        The ML-KEM-512 algorithm is the NIST FIPS 203 version of the post-quantum Kyber algorithm. It has 128-bits of classical security strength, and is claimed to meet NIST Level 1 quantum security strength (equivalent to finding the key for an AES-1128 block).

        This algorithm was added in Java 24, and may not be supported everywhere.

      • mlKem768

        public static final CertificateBuilder.Algorithm mlKem768
        The ML-KEM-768 algorithm is the NIST FIPS 203 version of the post-quantum Kyber algorithm. It has 192-bits of classical security strength, and is claimed to meet NIST Level 3 quantum security strength (equivalent to finding the key for an AES-192 block).

        This algorithm was added in Java 24, and may not be supported everywhere.

      • mlKem1024

        public static final CertificateBuilder.Algorithm mlKem1024
        The ML-KEM-1024 algorithm is the NIST FIPS 203 version of the post-quantum Kyber algorithm. It has 256-bits of classical security strength, and is claimed to meet NIST Level 5 quantum security strength (equivalent to finding the key for an AES-256 block).

        This algorithm was added in Java 24, and may not be supported everywhere.

    • Method Detail

      • values

        public static CertificateBuilder.Algorithm[] values()
        Returns an array containing the constants of this enum type, in the order they are declared. This method may be used to iterate over the constants as follows: 
        for (CertificateBuilder.Algorithm c : CertificateBuilder.Algorithm.values())
    System.out.println(c);
        Returns:
        an array containing the constants of this enum type, in the order they are declared

      • valueOf

        public static CertificateBuilder.Algorithm valueOf​(java.lang.String name)
        Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are not permitted.)
        Parameters:
        name - the name of the enum constant to be returned.
        Returns:
        the enum constant with the specified name
        Throws:
        java.lang.IllegalArgumentException - if this enum type has no constant with the specified name
        java.lang.NullPointerException - if the argument is null

      • generateKeyPair

        public java.security.KeyPair generateKeyPair​(java.security.SecureRandom secureRandom)
                                      throws java.security.GeneralSecurityException
        Generate a new KeyPair using this algorithm, and the given SecureRandom generator.
        Parameters:
        secureRandom - The SecureRandom generator to use, not null.
        Returns:
        The generated KeyPair.
        Throws:
        java.security.GeneralSecurityException - if the key pair cannot be generated using this algorithm for some reason.
        java.lang.UnsupportedOperationException - if this algorithm is not support in the current JVM.

      • isSupported

        public boolean isSupported()
        Tell whether this algorithm is supported in the current JVM.
        Returns:
        true if this algorithm is supported.

      • supportSigning

        public boolean supportSigning()
        Discern if this algorithm can be used for signing. Algorithms need to support signing in order to create self-signed certificates, or to be used as signing issuers of other certificates.

        Note that this method only inspects a property of the algorithm, and does not check if the algorithm is supported in your environment.

        Returns:
        true if this algorithm can be used for signing, otherwise false.