Package java.security

package java.security

Provides the classes and interfaces for the security framework. This includes classes that implement an easily configurable, fine-grained access control security architecture. This package also supports the generation and storage of cryptographic public key pairs, as well as a number of exportable cryptographic operations including those for message digest and signature generation. Finally, this package provides classes that support signed/guarded objects and secure random number generation. Many of the classes provided in this package (the cryptographic and secure random number generator classes in particular) are provider-based. The class itself defines a programming interface to which applications may write. The implementations themselves may then be written by independent third-party vendors and plugged in seamlessly as needed. Therefore application developers may take advantage of any number of provider-based implementations without having to add or rewrite code.

Package Specification

Java Cryptography Architecture (JCA) Reference Guide
PKCS #8: Private-Key Information Syntax Standard, Version 1.2, November 1993
Java Security Standard Algorithm Names Specification

Related Documentation

For further documentation, please see:

Java Security Overview
How to Implement a Provider in the Java Cryptography Architecture
Default Policy Implementation and Policy File Syntax
Permissions in the Java Development Kit (JDK)
Summary of Tools for Java Platform Security (for example keytool and jarsigner),

Since:: 1.1

Package	Description
java.security.cert	Provides classes and interfaces for parsing and managing certificates, certificate revocation lists (CRLs), and certification paths.
java.security.interfaces	Provides interfaces for generating RSA (Rivest, Shamir and Adleman AsymmetricCipher algorithm) keys as defined in the RSA Laboratory Technical Note PKCS#1, and DSA (Digital Signature Algorithm) keys as defined in NIST's FIPS-186.
java.security.spec	Provides classes and interfaces for key specifications and algorithm parameter specifications.

Class	Description
AccessControlContext	Deprecated, for removal: This API element is subject to removal in a future version. This class is only useful in conjunction with the Security Manager, which is deprecated and subject to removal in a future release.
AccessControlException	Deprecated, for removal: This API element is subject to removal in a future version. This class is only useful in conjunction with the Security Manager, which is deprecated and subject to removal in a future release.
AccessController	Deprecated, for removal: This API element is subject to removal in a future version. This class is only useful in conjunction with the Security Manager, which is deprecated and subject to removal in a future release.
AlgorithmConstraints	This interface specifies constraints for cryptographic algorithms, keys (key sizes), and other algorithm parameters.
AlgorithmParameterGenerator	The `AlgorithmParameterGenerator` class is used to generate a set of parameters to be used with a certain algorithm.
AlgorithmParameterGeneratorSpi	This class defines the Service Provider Interface (SPI) for the `AlgorithmParameterGenerator` class, which is used to generate a set of parameters to be used with a certain algorithm.
AlgorithmParameters	This class is used as an opaque representation of cryptographic parameters.
AlgorithmParametersSpi	This class defines the Service Provider Interface (SPI) for the `AlgorithmParameters` class, which is used to manage algorithm parameters.
AllPermission	The AllPermission is a permission that implies all other permissions.
AuthProvider	This class defines login and logout methods for a provider.
BasicPermission	The BasicPermission class extends the Permission class, and can be used as the base class for permissions that want to follow the same naming convention as BasicPermission.
Certificate	Deprecated, for removal: This API element is subject to removal in a future version. This class is deprecated and subject to removal in a future version of Java SE.
CodeSigner	This class encapsulates information about a code signer.
CodeSource	This class extends the concept of a codebase to encapsulate not only the location (URL) but also the certificate chains that were used to verify signed code originating from that location.
CryptoPrimitive	An enumeration of cryptographic primitives.
DigestException	This is the generic Message Digest exception.
DigestInputStream	A transparent stream that updates the associated message digest using the bits going through the stream.
DigestOutputStream	A transparent stream that updates the associated message digest using the bits going through the stream.
DomainCombiner	Deprecated, for removal: This API element is subject to removal in a future version. This class is only useful in conjunction with the Security Manager, which is deprecated and subject to removal in a future release.
DomainLoadStoreParameter	Configuration data that specifies the keystores in a keystore domain.
DrbgParameters	This class specifies the parameters used by a DRBG (Deterministic Random Bit Generator).
DrbgParameters.Capability	The reseedable and prediction resistance capabilities of a DRBG.
DrbgParameters.Instantiation	DRBG parameters for instantiation.
DrbgParameters.NextBytes	DRBG parameters for random bits generation.
DrbgParameters.Reseed	DRBG parameters for reseed.
GeneralSecurityException	The `GeneralSecurityException` class is a generic security exception class that provides type safety for all the security-related exception classes that extend from it.
Guard	This interface represents a guard, which is an object that is used to protect access to another object.
GuardedObject	A GuardedObject is an object that is used to protect access to another object.
Identity	Deprecated, for removal: This API element is subject to removal in a future version. This class is deprecated and subject to removal in a future version of Java SE.
IdentityScope	Deprecated, for removal: This API element is subject to removal in a future version. This class is deprecated and subject to removal in a future version of Java SE.
InvalidAlgorithmParameterException	This is the exception for invalid or inappropriate algorithm parameters.
InvalidKeyException	This is the exception for invalid Keys (invalid encoding, wrong length, uninitialized, etc).
InvalidParameterException	This exception, designed for use by the JCA/JCE engine classes, is thrown when an invalid parameter is passed to a method.
Key	The Key interface is the top-level interface for all keys.
KeyException	This is the basic key exception.
KeyFactory	Key factories are used to convert keys (opaque cryptographic keys of type `Key`) into key specifications (transparent representations of the underlying key material), and vice versa.
KeyFactorySpi	This class defines the Service Provider Interface (SPI) for the `KeyFactory` class.
KeyManagementException	This is the general key management exception for all operations dealing with key management.
KeyPair	This class is a simple holder for a key pair (a public key and a private key).
KeyPairGenerator	The KeyPairGenerator class is used to generate pairs of public and private keys.
KeyPairGeneratorSpi	This class defines the Service Provider Interface (SPI) for the `KeyPairGenerator` class, which is used to generate pairs of public and private keys.
KeyRep	Standardized representation for serialized Key objects.
KeyRep.Type	Key type.
KeyStore	This class represents a storage facility for cryptographic keys and certificates.
KeyStore.Builder	A description of a to-be-instantiated KeyStore object.
KeyStore.CallbackHandlerProtection	A ProtectionParameter encapsulating a CallbackHandler.
KeyStore.Entry	A marker interface for `KeyStore` entry types.
KeyStore.Entry.Attribute	An attribute associated with a keystore entry.
KeyStore.LoadStoreParameter	A marker interface for `KeyStore` `load` and `store` parameters.
KeyStore.PasswordProtection	A password-based implementation of `ProtectionParameter`.
KeyStore.PrivateKeyEntry	A `KeyStore` entry that holds a `PrivateKey` and corresponding certificate chain.
KeyStore.ProtectionParameter	A marker interface for keystore protection parameters.
KeyStore.SecretKeyEntry	A `KeyStore` entry that holds a `SecretKey`.
KeyStore.TrustedCertificateEntry	A `KeyStore` entry that holds a trusted `Certificate`.
KeyStoreException	This is the generic KeyStore exception.
KeyStoreSpi	This class defines the Service Provider Interface (SPI) for the `KeyStore` class.
MessageDigest	This MessageDigest class provides applications the functionality of a message digest algorithm, such as SHA-1 or SHA-256.
MessageDigestSpi	This class defines the Service Provider Interface (SPI) for the `MessageDigest` class, which provides the functionality of a message digest algorithm, such as MD5 or SHA.
NoSuchAlgorithmException	This exception is thrown when a particular cryptographic algorithm is requested but is not available in the environment.
NoSuchProviderException	This exception is thrown when a particular security provider is requested but is not available in the environment.
Permission	Abstract class for representing access to a system resource.
PermissionCollection	Abstract class representing a collection of Permission objects.
Permissions	This class represents a heterogeneous collection of Permissions.
PKCS12Attribute	An attribute associated with a PKCS12 keystore entry.
Policy	Deprecated, for removal: This API element is subject to removal in a future version. This class is only useful in conjunction with the Security Manager, which is deprecated and subject to removal in a future release.
Policy.Parameters	Deprecated, for removal: This API element is subject to removal in a future version. This class is only useful in conjunction with the Security Manager, which is deprecated and subject to removal in a future release.
PolicySpi	Deprecated, for removal: This API element is subject to removal in a future version. This class is only useful in conjunction with the Security Manager, which is deprecated and subject to removal in a future release.
Principal	This interface represents the abstract notion of a principal, which can be used to represent any entity, such as an individual, a corporation, and a login id.
PrivateKey	A private key.
PrivilegedAction<T>	A computation to be performed with privileges enabled.
PrivilegedActionException	This exception is thrown by `doPrivileged(PrivilegedExceptionAction)` and `doPrivileged(PrivilegedExceptionAction, AccessControlContext context)` to indicate that the action being performed threw a checked exception.
PrivilegedExceptionAction<T>	A computation to be performed with privileges enabled, that throws one or more checked exceptions.
ProtectionDomain	The ProtectionDomain class encapsulates the characteristics of a domain, which encloses a set of classes whose instances are granted a set of permissions when being executed on behalf of a given set of Principals.
Provider	This class represents a "provider" for the Java Security API, where a provider implements some or all parts of Java Security.
Provider.Service	The description of a security service.
ProviderException	A runtime exception for Provider exceptions (such as misconfiguration errors or unrecoverable internal errors), which may be subclassed by Providers to throw specialized, provider-specific runtime errors.
PublicKey	A public key.
SecureClassLoader	This class extends ClassLoader with additional support for defining classes with an associated code source and permissions which are retrieved by the system policy by default.
SecureRandom	This class provides a cryptographically strong random number generator (RNG).
SecureRandomParameters	A marker interface for parameters used in various `SecureRandom` methods.
SecureRandomSpi	This class defines the Service Provider Interface (SPI) for the `SecureRandom` class.
Security	This class centralizes all security properties and common security methods.
SecurityPermission	This class is for security permissions.
Signature	The Signature class is used to provide applications the functionality of a digital signature algorithm.
SignatureException	This is the generic Signature exception.
SignatureSpi	This class defines the Service Provider Interface (SPI) for the `Signature` class, which is used to provide the functionality of a digital signature algorithm.
SignedObject	SignedObject is a class for the purpose of creating authentic runtime objects whose integrity cannot be compromised without being detected.
Signer	Deprecated, for removal: This API element is subject to removal in a future version. This class is deprecated and subject to removal in a future version of Java SE.
Timestamp	This class encapsulates information about a signed timestamp.
UnrecoverableEntryException	This exception is thrown if an entry in the keystore cannot be recovered.
UnrecoverableKeyException	This exception is thrown if a key in the keystore cannot be recovered.
UnresolvedPermission	The UnresolvedPermission class is used to hold Permissions that were "unresolved" when the Policy was initialized.
URIParameter	A parameter that contains a URI pointing to data intended for a PolicySpi or ConfigurationSpi implementation.

© 1993, 2021, Oracle and/or its affiliates. All rights reserved.
Documentation extracted from Debian's OpenJDK Development Kit package.
Licensed under the GNU General Public License, version 2, with the Classpath Exception.
Various third party code in OpenJDK is licensed under different licenses (see Debian package).
Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.
https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/security/package-summary.html