Providers¶
On current moment following providers are available out of the box:
- JDK - via JDK built-in JCA
- WebCrypto - via WebCrypto
- Apple - via CommonCrypto
- OpenSSL3 - via OpenSSL 3.x, statically linked to prebuilt OpenSSL 3.3.2 or dynamically linked (experimental)
Supported primitives¶
While the library is overall multiplatform and all algorithm/operation interfaces are available on all targets, support for a specific algorithm for a specific target depends on the used provider. Below there are several tables which show what is supported and what not (I know that it’s not the easiest thing to understand… But we have what we have).
For additional limitation please consult provider specific documentation.
Supported targets per provider¶
| Target | jdk | webcrypto | apple | openssl3 |
|---|---|---|---|---|
| jvm | ✅ | ➖ | ➖ | ❌ |
| js | ➖ | ✅ | ➖ | ❌ |
| wasmJs | ➖ | ✅ | ➖ | ❌ |
| wasmWasi | ➖ | ➖ | ➖ | ❌ |
| iosX64 iosSimulatorArm64 iosArm64 |
➖ | ➖ | ✅ | ✅ prebuilt only |
| watchosX64 watchosArm32 watchosArm64 watchosSimulatorArm64 watchosDeviceArm64 |
➖ | ➖ | ✅ | ✅ prebuilt only |
| tvosX64 tvosArm64 tvosSimulatorArm64 |
➖ | ➖ | ✅ | ✅ prebuilt only |
| macosX64 macosArm64 |
➖ | ➖ | ✅ | ✅ |
| linuxX64 linuxArm64 |
➖ | ➖ | ➖ | ✅ |
| mingwX64 | ➖ | ➖ | ➖ | ✅ |
| androidNativeX64 androidNativeX86 androidNativeArm64 androidNativeArm32 |
➖ | ➖ | ➖ | ✅ prebuilt only |
✅ : supported
➖ : not applicable
❌ : not supported (yet?)
Supported algorithms per provider¶
supportedhere means that those algorithms are tested and works at least in some configuration (f.e. different Java versions or Java providers can have different algorithms supported)
| Operation | Algorithm | jdk | webcrypto | apple | openssl3 |
|---|---|---|---|---|---|
| Digest | ⚠️ MD5 | ✅ | ❌ | ✅ | ✅ |
| ⚠️ SHA1 | ✅ | ✅ | ✅ | ✅ | |
| SHA224 | ✅ | ❌ | ✅ | ✅ | |
| SHA256 | ✅ | ✅ | ✅ | ✅ | |
| SHA384 | ✅ | ✅ | ✅ | ✅ | |
| SHA512 | ✅ | ✅ | ✅ | ✅ | |
| SHA3 family | ✅ | ❌ | ❌ | ✅ | |
| MAC | HMAC | ✅ | ✅ | ✅ | ✅ |
| Symmetric-key encryption/decryption |
AES-CBC | ✅ | ✅ | ✅ | ✅ |
| AES-CTR | ✅ | ✅ | ✅ | ✅ | |
| AES-GCM | ✅ | ✅ | ❌ | ✅ | |
| ⚠️ AES-ECB | ✅ | ❌ | ✅ | ✅ | |
| Public-key encryption/decryption |
RSA-OAEP | ✅ | ✅ | ✅ | ✅ |
| ⚠️ RSA-PKS1-v1_5 | ✅ | ❌ | ✅ | ✅ | |
| ⚠️ RSA-RAW | ✅ | ❌ | ✅ | ✅ | |
| Digital Signatures | ECDSA | ✅ | ✅ | ✅ | ✅ |
| RSA-SSA-PSS | ✅ | ✅ | ✅ | ✅ | |
| RSA-PKS1-v1_5 | ✅ | ✅ | ✅ | ✅ | |
| Key Agreement | ECDH | ✅ | ✅ | ❌ | ✅ |
| PRF/KDF | PBKDF2 | ✅ | ✅ | ✅ | ✅ |
| HKDF | ✅ | ✅ | ✅ | ✅ |
⚠️ : use carefully
✅ : supported
❌ : not supported (yet?)