以下の内容はhttps://kazuhira-r.hatenablog.com/entry/2026/01/19/001611より取得しました。

環境で使えるJavaのプロバイダーやjava.securityファイルを眺めてみる

Java

これは、なにをしたくて書いたもの?

時々ピンポイントで書いていたのですが、Javaのプロバイダーに関する情報を確認する時に迷子になることが
多かったので単独でメモしておこうかなと。

過去のエントリーはこのあたりですね。

SecureRandomのアルゴリズムなどに関する情報をちゃんと見る - CLOVER🍀

MessageDigestに"SHA"とか、Cipherに"AES"とだけ指定した場合、どうなるの? - CLOVER🍀

環境

今回の環境はこちら。

$ java --version
openjdk 25.0.1 2025-10-21
OpenJDK Runtime Environment (build 25.0.1+8-Ubuntu-124.04)
OpenJDK 64-Bit Server VM (build 25.0.1+8-Ubuntu-124.04, mixed mode, sharing)


$ mvn --version
Apache Maven 3.9.12 (848fbb4bf2d427b72bdb2471c22fced7ebd9a7a1)
Maven home: $HOME/.sdkman/candidates/maven/current
Java version: 25.0.1, vendor: Ubuntu, runtime: /usr/lib/jvm/java-25-openjdk-amd64
Default locale: ja_JP, platform encoding: UTF-8
OS name: "linux", version: "6.8.0-90-generic", arch: "amd64", family: "unix"

OSはUbuntu Linux 24.04 LTSです。

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 24.04.3 LTS
Release:        24.04
Codename:       noble


$ uname -srvmpio
Linux 6.8.0-90-generic #91-Ubuntu SMP PREEMPT_DYNAMIC Tue Nov 18 14:14:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

準備

簡単に動作確認するところがあるので、それはテストコードで。

    <properties>
        <maven.compiler.release>25</maven.compiler.release>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.junit.jupiter</groupId>
            <artifactId>junit-jupiter</artifactId>
            <version>6.0.2</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.assertj</groupId>
            <artifactId>assertj-core</artifactId>
            <version>3.27.6</version>
            <scope>test</scope>
        </dependency>
    </dependencies>

プラットフォームで使えるプロバイダーを確認する

まずはプラットフォームで使えるプロバイダーを確認してみます。

正確には「暗号化サービス・プロバイダー」ですね。

Providerクラス

src/main/java/org/littlewings/PrintSecurityProviders.java

package org.littlewings;

import java.security.Provider;
import java.security.Security;
import java.util.Map;
import java.util.TreeMap;

public class PrintSecurityProviders {
    void main(String... args) {
        for (Provider provider : Security.getProviders()) {
            IO.println("==================================================================================================================================");
            System.out.printf("Provider: %s%n", provider);
            IO.println();
        }
    }
}

こちらを実行するとこうなります。

==================================================================================================================================
Provider: SUN version 25

==================================================================================================================================
Provider: SunRsaSign version 25

==================================================================================================================================
Provider: SunEC version 25

==================================================================================================================================
Provider: SunJSSE version 25

==================================================================================================================================
Provider: SunJCE version 25

==================================================================================================================================
Provider: SunJGSS version 25

==================================================================================================================================
Provider: SunSASL version 25

==================================================================================================================================
Provider: XMLDSig version 25

==================================================================================================================================
Provider: SunPCSC version 25

==================================================================================================================================
Provider: JdkLDAP version 25

==================================================================================================================================
Provider: JdkSASL version 25

==================================================================================================================================
Provider: SunPKCS11 version 25

さらに各プロバイダーの情報も出力してみましょう。

public class PrintSecurityProviders {
    void main(String... args) {
        for (Provider provider : Security.getProviders()) {
            IO.println("==================================================================================================================================");
            System.out.printf("Provider: %s%n", provider);

            for (Map.Entry<Object, Object> entry : new TreeMap<>(provider).entrySet()) {
                System.out.printf("  %s = %s%n", entry.getKey(), entry.getValue());
            }

            IO.println();
        }
    }
}

結果。

==================================================================================================================================
Provider: SUN version 25
  Alg.Alias.AlgorithmParameterGenerator.1.2.840.10040.4.1 = DSA
  Alg.Alias.AlgorithmParameterGenerator.1.3.14.3.2.12 = DSA
  Alg.Alias.AlgorithmParameterGenerator.OID.1.2.840.10040.4.1 = DSA

〜省略〜

  Signature.SHA384withDSA = sun.security.provider.DSA$SHA384withDSA
  Signature.SHA384withDSA ImplementedIn = Software
  Signature.SHA384withDSA KeySize = 3072
  Signature.SHA384withDSA SupportedKeyClasses = java.security.interfaces.DSAPublicKey|java.security.interfaces.DSAPrivateKey
  Signature.SHA384withDSAinP1363Format = sun.security.provider.DSA$SHA384withDSAinP1363Format
  Signature.SHA512withDSA = sun.security.provider.DSA$SHA512withDSA
  Signature.SHA512withDSA ImplementedIn = Software
  Signature.SHA512withDSA KeySize = 3072
  Signature.SHA512withDSA SupportedKeyClasses = java.security.interfaces.DSAPublicKey|java.security.interfaces.DSAPrivateKey
  Signature.SHA512withDSAinP1363Format = sun.security.provider.DSA$SHA512withDSAinP1363Format

==================================================================================================================================
Provider: SunRsaSign version 25
  Alg.Alias.AlgorithmParameters.1.2.840.113549.1.1.10 = RSASSA-PSS
  Alg.Alias.AlgorithmParameters.OID.1.2.840.113549.1.1.10 = RSASSA-PSS
  Alg.Alias.AlgorithmParameters.PSS = RSASSA-PSS

〜省略〜

java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey
  Signature.SHA1withRSA = sun.security.rsa.RSASignature$SHA1withRSA
  Signature.SHA1withRSA SupportedKeyClasses = java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey
  Signature.SHA224withRSA = sun.security.rsa.RSASignature$SHA224withRSA
  Signature.SHA224withRSA SupportedKeyClasses = java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey
  Signature.SHA256withRSA = sun.security.rsa.RSASignature$SHA256withRSA
  Signature.SHA256withRSA SupportedKeyClasses = java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey
  Signature.SHA3-224withRSA = sun.security.rsa.RSASignature$SHA3_224withRSA
  Signature.SHA3-224withRSA SupportedKeyClasses = java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey
  Signature.SHA3-256withRSA = sun.security.rsa.RSASignature$SHA3_256withRSA
  Signature.SHA3-256withRSA SupportedKeyClasses = java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey
  Signature.SHA3-384withRSA = sun.security.rsa.RSASignature$SHA3_384withRSA
  Signature.SHA3-384withRSA SupportedKeyClasses = java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey
  Signature.SHA3-512withRSA = sun.security.rsa.RSASignature$SHA3_512withRSA
  Signature.SHA3-512withRSA SupportedKeyClasses = java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey
  Signature.SHA384withRSA = sun.security.rsa.RSASignature$SHA384withRSA
  Signature.SHA384withRSA SupportedKeyClasses = java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey
  Signature.SHA512/224withRSA = sun.security.rsa.RSASignature$SHA512_224withRSA
  Signature.SHA512/224withRSA SupportedKeyClasses = java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey
  Signature.SHA512/256withRSA = sun.security.rsa.RSASignature$SHA512_256withRSA
  Signature.SHA512/256withRSA SupportedKeyClasses = java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey
  Signature.SHA512withRSA = sun.security.rsa.RSASignature$SHA512withRSA
  Signature.SHA512withRSA SupportedKeyClasses = java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey

==================================================================================================================================
Provider: SunEC version 25
  Alg.Alias.AlgorithmParameters.1.2.840.10045.2.1 = EC
  Alg.Alias.AlgorithmParameters.EllipticCurve = EC
  Alg.Alias.AlgorithmParameters.OID.1.2.840.10045.2.1 = EC
  Alg.Alias.KeyAgreement.1.3.101.110 = X25519
  Alg.Alias.KeyAgreement.1.3.101.111 = X448
  Alg.Alias.KeyAgreement.OID.1.3.101.110 = X25519
  Alg.Alias.KeyAgreement.OID.1.3.101.111 = X448

〜省略〜

  Signature.SHA3-512withECDSA SupportedKeyClasses = java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
  Signature.SHA3-512withECDSAinP1363Format = sun.security.ec.ECDSASignature$SHA3_512inP1363Format
  Signature.SHA384withECDSA = sun.security.ec.ECDSASignature$SHA384
  Signature.SHA384withECDSA ImplementedIn = Software
  Signature.SHA384withECDSA KeySize = 256
  Signature.SHA384withECDSA SupportedKeyClasses = java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
  Signature.SHA384withECDSAinP1363Format = sun.security.ec.ECDSASignature$SHA384inP1363Format
  Signature.SHA512withECDSA = sun.security.ec.ECDSASignature$SHA512
  Signature.SHA512withECDSA ImplementedIn = Software
  Signature.SHA512withECDSA KeySize = 256
  Signature.SHA512withECDSA SupportedKeyClasses = java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
  Signature.SHA512withECDSAinP1363Format = sun.security.ec.ECDSASignature$SHA512inP1363Format

==================================================================================================================================
Provider: SunJSSE version 25
  Alg.Alias.KeyManagerFactory.PKIX = NewSunX509
  Alg.Alias.SSLContext.SSL = TLS
  Alg.Alias.SSLContext.SSLv3 = TLSv1
  Alg.Alias.TrustManagerFactory.SunPKIX = PKIX
  Alg.Alias.TrustManagerFactory.X.509 = PKIX
  Alg.Alias.TrustManagerFactory.X509 = PKIX
  KeyManagerFactory.NewSunX509 = sun.security.ssl.KeyManagerFactoryImpl$X509
  KeyManagerFactory.SunX509 = sun.security.ssl.KeyManagerFactoryImpl$SunX509
  KeyStore.PKCS12 = sun.security.pkcs12.PKCS12KeyStore
  Provider.id className = sun.security.ssl.SunJSSE
  Provider.id info = Sun JSSE provider(PKCS12, SunX509/PKIX key/trust factories, SSLv3/TLSv1/TLSv1.1/TLSv1.2/TLSv1.3/DTLSv1.0/DTLSv1.2)
  Provider.id name = SunJSSE
  Provider.id version = 25
  SSLContext.DTLS = sun.security.ssl.SSLContextImpl$DTLSContext
  SSLContext.DTLSv1.0 = sun.security.ssl.SSLContextImpl$DTLS10Context
  SSLContext.DTLSv1.2 = sun.security.ssl.SSLContextImpl$DTLS12Context
  SSLContext.Default = sun.security.ssl.SSLContextImpl$DefaultSSLContext
  SSLContext.TLS = sun.security.ssl.SSLContextImpl$TLSContext
  SSLContext.TLSv1 = sun.security.ssl.SSLContextImpl$TLS10Context
  SSLContext.TLSv1.1 = sun.security.ssl.SSLContextImpl$TLS11Context
  SSLContext.TLSv1.2 = sun.security.ssl.SSLContextImpl$TLS12Context
  SSLContext.TLSv1.3 = sun.security.ssl.SSLContextImpl$TLS13Context
  Signature.MD5andSHA1withRSA = sun.security.ssl.RSASignature
  TrustManagerFactory.PKIX = sun.security.ssl.TrustManagerFactoryImpl$PKIXFactory
  TrustManagerFactory.SunX509 = sun.security.ssl.TrustManagerFactoryImpl$SimpleFactory

==================================================================================================================================
Provider: SunJCE version 25
  Alg.Alias.AlgorithmParameterGenerator.1.2.840.113549.1.3.1 = DiffieHellman
  Alg.Alias.AlgorithmParameterGenerator.DH = DiffieHellman
  Alg.Alias.AlgorithmParameterGenerator.OID.1.2.840.113549.1.3.1 = DiffieHellman
  Alg.Alias.AlgorithmParameters.1.2.840.113549.1.1.7 = OAEP
  Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.1 = PBEWithSHA1AndRC4_128
  Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.2 = PBEWithSHA1AndRC4_40
  Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.3 = PBEWithSHA1AndDESede
  Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.5 = PBEWithSHA1AndRC2_128
  Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.6 = PBEWithSHA1AndRC2_40
  Alg.Alias.AlgorithmParameters.1.2.840.113549.1.3.1 = DiffieHellman
  Alg.Alias.AlgorithmParameters.1.2.840.113549.1.5.13 = PBES2
  Alg.Alias.AlgorithmParameters.1.2.840.113549.1.5.3 = PBEWithMD5AndDES
  Alg.Alias.AlgorithmParameters.1.2.840.113549.1.9.16.3.18 = ChaCha20-Poly1305

〜省略〜

  SecretKeyFactory.PBKDF2WithHmacSHA1 = com.sun.crypto.provider.PBKDF2Core$HmacSHA1
  SecretKeyFactory.PBKDF2WithHmacSHA224 = com.sun.crypto.provider.PBKDF2Core$HmacSHA224
  SecretKeyFactory.PBKDF2WithHmacSHA256 = com.sun.crypto.provider.PBKDF2Core$HmacSHA256
  SecretKeyFactory.PBKDF2WithHmacSHA384 = com.sun.crypto.provider.PBKDF2Core$HmacSHA384
  SecretKeyFactory.PBKDF2WithHmacSHA512 = com.sun.crypto.provider.PBKDF2Core$HmacSHA512
  SecretKeyFactory.PBKDF2WithHmacSHA512/224 = com.sun.crypto.provider.PBKDF2Core$HmacSHA512_224
  SecretKeyFactory.PBKDF2WithHmacSHA512/256 = com.sun.crypto.provider.PBKDF2Core$HmacSHA512_256

==================================================================================================================================
Provider: SunJGSS version 25
  GssApiMechanism.1.2.840.113554.1.2.2 = sun.security.jgss.krb5.Krb5MechFactory
  GssApiMechanism.1.3.6.1.5.5.2 = sun.security.jgss.spnego.SpNegoMechFactory
  Provider.id className = sun.security.jgss.SunProvider
  Provider.id info = Sun (Kerberos v5, SPNEGO)
  Provider.id name = SunJGSS
  Provider.id version = 25

==================================================================================================================================
Provider: SunSASL version 25
  Provider.id className = com.sun.security.sasl.Provider
  Provider.id info = Sun SASL provider(implements client mechanisms for: DIGEST-MD5, EXTERNAL, PLAIN, CRAM-MD5, NTLM; server mechanisms for: DIGEST-MD5, CRAM-MD5, NTLM)
  Provider.id name = SunSASL
  Provider.id version = 25
  SaslClientFactory.CRAM-MD5 = com.sun.security.sasl.ClientFactoryImpl
  SaslClientFactory.DIGEST-MD5 = com.sun.security.sasl.digest.FactoryImpl
  SaslClientFactory.EXTERNAL = com.sun.security.sasl.ClientFactoryImpl
  SaslClientFactory.NTLM = com.sun.security.sasl.ntlm.FactoryImpl
  SaslClientFactory.PLAIN = com.sun.security.sasl.ClientFactoryImpl
  SaslServerFactory.CRAM-MD5 = com.sun.security.sasl.ServerFactoryImpl
  SaslServerFactory.DIGEST-MD5 = com.sun.security.sasl.digest.FactoryImpl
  SaslServerFactory.NTLM = com.sun.security.sasl.ntlm.FactoryImpl

==================================================================================================================================
Provider: XMLDSig version 25
  Alg.Alias.TransformService.BASE64 = http://www.w3.org/2000/09/xmldsig#base64
  Alg.Alias.TransformService.ENVELOPED = http://www.w3.org/2000/09/xmldsig#enveloped-signature
  Alg.Alias.TransformService.EXCLUSIVE = http://www.w3.org/2001/10/xml-exc-c14n#
  Alg.Alias.TransformService.EXCLUSIVE_WITH_COMMENTS = http://www.w3.org/2001/10/xml-exc-c14n#WithComments
  Alg.Alias.TransformService.INCLUSIVE = http://www.w3.org/TR/2001/REC-xml-c14n-20010315
  Alg.Alias.TransformService.INCLUSIVE_WITH_COMMENTS = http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
  Alg.Alias.TransformService.XPATH = http://www.w3.org/TR/1999/REC-xpath-19991116
  Alg.Alias.TransformService.XPATH2 = http://www.w3.org/2002/06/xmldsig-filter2
  Alg.Alias.TransformService.XSLT = http://www.w3.org/TR/1999/REC-xslt-19991116
  KeyInfoFactory.DOM = org.jcp.xml.dsig.internal.dom.DOMKeyInfoFactory
  Provider.id className = org.jcp.xml.dsig.internal.dom.XMLDSigRI
  Provider.id info = XMLDSig (DOM XMLSignatureFactory; DOM KeyInfoFactory; C14N 1.0, C14N 1.1, Exclusive C14N, Base64, Enveloped, XPath, XPath2, XSLT TransformServices)
  Provider.id name = XMLDSig
  Provider.id version = 25
  TransformService.http://www.w3.org/2000/09/xmldsig#base64 = org.jcp.xml.dsig.internal.dom.DOMBase64Transform
  TransformService.http://www.w3.org/2000/09/xmldsig#base64 MechanismType = DOM
  TransformService.http://www.w3.org/2000/09/xmldsig#enveloped-signature = org.jcp.xml.dsig.internal.dom.DOMEnvelopedTransform
  TransformService.http://www.w3.org/2000/09/xmldsig#enveloped-signature MechanismType = DOM
  TransformService.http://www.w3.org/2001/10/xml-exc-c14n# = org.jcp.xml.dsig.internal.dom.DOMExcC14NMethod
  TransformService.http://www.w3.org/2001/10/xml-exc-c14n# MechanismType = DOM
  TransformService.http://www.w3.org/2001/10/xml-exc-c14n#WithComments = 

〜省略〜

  TransformService.http://www.w3.org/TR/1999/REC-xslt-19991116 = org.jcp.xml.dsig.internal.dom.DOMXSLTTransform
  TransformService.http://www.w3.org/TR/1999/REC-xslt-19991116 MechanismType = DOM
  TransformService.http://www.w3.org/TR/2001/REC-xml-c14n-20010315 = org.jcp.xml.dsig.internal.dom.DOMCanonicalXMLC14NMethod
  TransformService.http://www.w3.org/TR/2001/REC-xml-c14n-20010315 MechanismType = DOM
  TransformService.http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments = org.jcp.xml.dsig.internal.dom.DOMCanonicalXMLC14NMethod
  TransformService.http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments MechanismType = DOM
  XMLSignatureFactory.DOM = org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory

==================================================================================================================================
Provider: SunPCSC version 25
  Provider.id className = sun.security.smartcardio.SunPCSC
  Provider.id info = Sun PC/SC provider
  Provider.id name = SunPCSC
  Provider.id version = 25
  TerminalFactory.PC/SC = sun.security.smartcardio.SunPCSC$Factory

==================================================================================================================================
Provider: JdkLDAP version 25
  CertStore.LDAP = sun.security.provider.certpath.ldap.LDAPCertStore
  CertStore.LDAP ImplementedIn = Software
  CertStore.LDAP LDAPSchema = RFC2587
  Provider.id className = sun.security.provider.certpath.ldap.JdkLDAP
  Provider.id info = JdkLDAP Provider (implements LDAP CertStore)
  Provider.id name = JdkLDAP
  Provider.id version = 25

==================================================================================================================================
Provider: JdkSASL version 25
  Provider.id className = com.sun.security.sasl.gsskerb.JdkSASL
  Provider.id info = JDK SASL provider(implements client and server mechanisms for GSSAPI)
  Provider.id name = JdkSASL
  Provider.id version = 25
  SaslClientFactory.GSSAPI = com.sun.security.sasl.gsskerb.FactoryImpl
  SaslServerFactory.GSSAPI = com.sun.security.sasl.gsskerb.FactoryImpl

==================================================================================================================================
Provider: SunPKCS11 version 25
  Provider.id className = sun.security.pkcs11.SunPKCS11
  Provider.id info = Unconfigured and unusable PKCS11 provider
  Provider.id name = SunPKCS11
  Provider.id version = 25

まあ、これだけを見てもなんとも…という感じですね。

Javaにどのようなプロバイダー(JDKプロバイダー)が含まれているのかはこちらに書かれています。

JDKプロバイダ・ドキュメント

各プロバイダーが持つエンジンと対応するアルゴリズムが書かれています。

JSSEに関するページは独立しているので、合わせてこちらも。

Java Secure Socket Extension (JSSE)リファレンス・ガイド

Javaセキュリティ標準アルゴリズム名に関するページも参考になるでしょう。

Javaセキュリティ標準アルゴリズム名

テストコードでの確認。

src/test/java/org/littlewings/DefaultProvidersTest.java

package org.littlewings;

import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.net.ssl.SSLContext;

import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Signature;
import org.junit.jupiter.api.Test;

import static org.assertj.core.api.Assertions.assertThat;

class DefaultProvidersTest {
    @Test
    void secureRandom() {
        SecureRandom secureRandom = new SecureRandom();
        assertThat(secureRandom.getProvider().getName()).isEqualTo("SUN");
    }

    @Test
    void messageDigest() throws NoSuchAlgorithmException {
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
        assertThat(messageDigest.getProvider().getName()).isEqualTo("SUN");
    }

    @Test
    void signature() throws NoSuchAlgorithmException {
        assertThat(Signature.getInstance("SHA256withRSA").getProvider().getName()).isEqualTo("SunRsaSign");
        assertThat(Signature.getInstance("SHA256withECDSA").getProvider().getName()).isEqualTo("SunEC");
    }

    @Test
    void cipher() throws NoSuchPaddingException, NoSuchAlgorithmException {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        assertThat(cipher.getProvider().getName()).isEqualTo("SunJCE");
    }

    @Test
    void keyPairGenerator() throws NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        assertThat(keyPairGenerator.getProvider().getName()).isEqualTo("SunRsaSign");
    }

    @Test
    void ssl() throws NoSuchAlgorithmException {
        SSLContext sslContext = SSLContext.getDefault();
        assertThat(sslContext.getProvider().getName()).isEqualTo("SunJSSE");
    }
}

java.securityファイル

手元の環境の$JAVA_HOME/conf/security/java.securityの内容です。

$ grep -v '^#' /usr/lib/jvm/java-25-openjdk-amd64/conf/security/java.security | grep -v '^$'
security.provider.1=SUN
security.provider.2=SunRsaSign
security.provider.3=SunEC
security.provider.4=SunJSSE
security.provider.5=SunJCE
security.provider.6=SunJGSS
security.provider.7=SunSASL
security.provider.8=XMLDSig
security.provider.9=SunPCSC
security.provider.10=JdkLDAP
security.provider.11=JdkSASL
security.provider.12=SunPKCS11
securerandom.source=file:/dev/random
securerandom.strongAlgorithms=NativePRNGBlocking:SUN,DRBG:SUN
securerandom.drbg.config=
login.configuration.provider=sun.security.provider.ConfigFile
policy.expandProperties=true
policy.allowSystemProperty=true
keystore.type=pkcs12
keystore.type.compat=true
security.overridePropertiesFile=true
ssl.KeyManagerFactory.algorithm=SunX509
ssl.TrustManagerFactory.algorithm=PKIX
networkaddress.cache.negative.ttl=10
krb5.kdc.bad.policy = tryLast
sun.security.krb5.disableReferrals=false
sun.security.krb5.maxReferrals=5
jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
    RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \
    SHA1 usage SignedJAR & denyAfter 2019-01-01
jdk.security.legacyAlgorithms=SHA1, \
    RSA keySize < 2048, DSA keySize < 2048, \
    DES, DESede, MD5, RC2, ARCFOUR
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
      DSA keySize < 1024, SHA1 denyAfter 2019-01-01
http.auth.digest.disabledAlgorithms = MD5, SHA-1
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, \
    MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
    ECDH, TLS_RSA_*, rsa_pkcs1_sha1 usage HandshakeSignature, \
    ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature
jdk.tls.legacyAlgorithms=NULL, anon, RC4, DES, 3DES_EDE_CBC
jdk.tls.keyLimits=AES/GCM/NoPadding KeyUpdate 2^37, \
                  ChaCha20-Poly1305 KeyUpdate 2^37
crypto.policy=unlimited
jdk.xml.dsig.secureValidationPolicy=\
    disallowAlg http://www.w3.org/TR/1999/REC-xslt-19991116,\
    disallowAlg http://www.w3.org/2001/04/xmldsig-more#rsa-md5,\
    disallowAlg http://www.w3.org/2001/04/xmldsig-more#hmac-md5,\
    disallowAlg http://www.w3.org/2001/04/xmldsig-more#md5,\
    disallowAlg http://www.w3.org/2000/09/xmldsig#sha1,\
    disallowAlg http://www.w3.org/2000/09/xmldsig#dsa-sha1,\
    disallowAlg http://www.w3.org/2000/09/xmldsig#rsa-sha1,\
    disallowAlg http://www.w3.org/2007/05/xmldsig-more#sha1-rsa-MGF1,\
    disallowAlg http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1,\
    maxTransforms 5,\
    maxReferences 30,\
    disallowReferenceUriSchemes file http https,\
    minKeySize RSA 1024,\
    minKeySize DSA 1024,\
    minKeySize EC 224,\
    noDuplicateIds,\
    noRetrievalMethodLoops
jceks.key.serialFilter = java.base/java.lang.Enum;java.base/java.security.KeyRep;\
  java.base/java.security.KeyRep$Type;java.base/javax.crypto.spec.SecretKeySpec;!*
jdk.includeInExceptions=hostInfoExclSocket
jdk.sasl.disabledMechanisms=
jdk.security.caDistrustPolicies=SYMANTEC_TLS,ENTRUST_TLS,CAMERFIRMA_TLS
jdk.io.permissionsUseCanonicalPath=false
jdk.tls.alpnCharset=ISO_8859_1
jdk.epkcs8.defaultAlgorithm=PBEWithHmacSHA256AndAES_128

プロバイダーの優先順位やアルゴリズムの設定などが書かれています。

セキュリティ・プロパティ・ファイル

セキュリティ・プロパティ

おわりに

内容を見るというよりはなにがどこにあったかをメモするためのものなのですが、調べようとした時に
「なんのことだったっけ?」となることが多いので書いておきました。

ここから少し追っておきたいところとかあったりするので。



以上の内容はhttps://kazuhira-r.hatenablog.com/entry/2026/01/19/001611より取得しました。
このページはhttp://font.textar.tv/のウェブフォントを使用してます
不具合報告/要望等はこちらへお願いします。
モバイルやる夫Viewer Ver0.14