问题
Is there some way to enumerate all of the elliptic curve names that can be given to the ECGenParameterSpec constructor? Or do you have to just throw a big list of curve names at the wall and see which ones do or don't throw execeptions when you try to use them?
回答1:
It depends very much on the provider you want to use. As stated by user69513, you'll want to consult the documentation. And there lies the most basic of problems.
For the SunEC provider, the documentation is nowhere to be found, nor are the sources available to the public. But by going through the exposed classes in sunec.jar we find the CurveDB class and a method getSupportedCurves. One could call that using reflection:
public static void main(String[] args) throws Exception {
Method method = sun.security.ec.CurveDB.class.getDeclaredMethod("getSupportedCurves", null);
method.setAccessible(true);
Collection result = (Collection) method.invoke(null, null);
for (Object object : result) {
System.out.println(object);
}
}
This provides you with full discolure:
secp112r1 (1.3.132.0.6)
secp112r2 (1.3.132.0.7)
secp128r1 (1.3.132.0.28)
secp128r2 (1.3.132.0.29)
secp160k1 (1.3.132.0.9)
secp160r1 (1.3.132.0.8)
secp160r2 (1.3.132.0.30)
secp192k1 (1.3.132.0.31)
secp192r1 [NIST P-192, X9.62 prime192v1] (1.2.840.10045.3.1.1)
secp224k1 (1.3.132.0.32)
secp224r1 [NIST P-224] (1.3.132.0.33)
secp256k1 (1.3.132.0.10)
secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
secp384r1 [NIST P-384] (1.3.132.0.34)
secp521r1 [NIST P-521] (1.3.132.0.35)
X9.62 prime192v2 (1.2.840.10045.3.1.2)
X9.62 prime192v3 (1.2.840.10045.3.1.3)
X9.62 prime239v1 (1.2.840.10045.3.1.4)
X9.62 prime239v2 (1.2.840.10045.3.1.5)
X9.62 prime239v3 (1.2.840.10045.3.1.6)
sect113r1 (1.3.132.0.4)
sect113r2 (1.3.132.0.5)
sect131r1 (1.3.132.0.22)
sect131r2 (1.3.132.0.23)
sect163k1 [NIST K-163] (1.3.132.0.1)
sect163r1 (1.3.132.0.2)
sect163r2 [NIST B-163] (1.3.132.0.15)
sect193r1 (1.3.132.0.24)
sect193r2 (1.3.132.0.25)
sect233k1 [NIST K-233] (1.3.132.0.26)
sect233r1 [NIST B-233] (1.3.132.0.27)
sect239k1 (1.3.132.0.3)
sect283k1 [NIST K-283] (1.3.132.0.16)
sect283r1 [NIST B-283] (1.3.132.0.17)
sect409k1 [NIST K-409] (1.3.132.0.36)
sect409r1 [NIST B-409] (1.3.132.0.37)
sect571k1 [NIST K-571] (1.3.132.0.38)
sect571r1 [NIST B-571] (1.3.132.0.39)
X9.62 c2tnb191v1 (1.2.840.10045.3.0.5)
X9.62 c2tnb191v2 (1.2.840.10045.3.0.6)
X9.62 c2tnb191v3 (1.2.840.10045.3.0.7)
X9.62 c2tnb239v1 (1.2.840.10045.3.0.11)
X9.62 c2tnb239v2 (1.2.840.10045.3.0.12)
X9.62 c2tnb239v3 (1.2.840.10045.3.0.13)
X9.62 c2tnb359v1 (1.2.840.10045.3.0.18)
X9.62 c2tnb431r1 (1.2.840.10045.3.0.20)
回答2:
There is a better way to get hold of the list of supported curve names using supported APIs rather than reflection:
Security.getProviders("AlgorithmParameters.EC")[0]
.getService("AlgorithmParameters", "EC").getAttribute("SupportedCurves");
In jshell (AdoptOpenJDK 11.0.1):
jshell> Security.getProviders("AlgorithmParameters.EC")[0]
.getService("AlgorithmParameters", "EC").getAttribute("SupportedCurves")
$10 ==> "[secp112r1,1.3.132.0.6]|[secp112r2,1.3.132.0.7]|[secp128r1,1.3.132.0.28]|[secp128r2,1.3.132.0.29]|[secp160k1,1.3.132.0.9]|[secp160r1,1.3.132.0.8]|[secp160r2,1.3.132.0.30]|[secp192k1,1.3.132.0.31]|[secp192r1,NIST P-192,X9.62 prime192v1,1.2.840.10045.3.1.1]|[secp224k1,1.3.132.0.32]|[secp224r1,NIST P-224,1.3.132.0.33]|[secp256k1,1.3.132.0.10]|[secp256r1,NIST P-256,X9.62 prime256v1,1.2.840.10045.3.1.7]|[secp384r1,NIST P-384,1.3.132.0.34]|[secp521r1,NIST P-521,1.3.132.0.35]|[X9.62 prime192v2,1.2.840.10045.3.1.2]|[X9.62 prime192v3,1.2.840.10045.3.1.3]|[X9.62 prime239v1,1.2.840.10045.3.1.4]|[X9.62 prime239v2,1.2.840.10045.3.1.5]|[X9.62 prime239v3,1.2.840.10045 ... 840.10045.3.0.18]|[X9.62 c2tnb431r1,1.2.840.10045.3.0.20]|[brainpoolP160r1,1.3.36.3.3.2.8.1.1.1]|[brainpoolP192r1,1.3.36.3.3.2.8.1.1.3]|[brainpoolP224r1,1.3.36.3.3.2.8.1.1.5]|[brainpoolP256r1,1.3.36.3.3.2.8.1.1.7]|[brainpoolP320r1,1.3.36.3.3.2.8.1.1.9]|[brainpoolP384r1,1.3.36.3.3.2.8.1.1.11]|[brainpoolP512r1,1.3.36.3.3.2.8.1.1.13]"
You can then parse these entries.
However, there is now also the new "XEC" curves - X25519 and X448. As far as I am aware, these are only available as the two constants of NamedParameterSpec.
回答3:
From the docs for the ECGenParameterSpec constructor:
... For the list of supported names, please consult the documentation of provider whose implementation will be used.
So the answer to (part of) your question is, you already have to know that the name you are passing is supported by whatever implementation you will be using.
As for enumerating various algorithms, I believe what you are after is java.security.Security.getProviders(String filter).
public static Provider[] getProviders(String filter) ...
Returns an array containing all installed providers that satisfy the specified selection criterion, or null if no such providers have been installed. ...
Also see Java Security Standard Algorithm Names Specification.
As for ECGenParameterSpec, its only internal member is the single String object that you pass to it. So what's up with that? Well, it implements AlgorithmParameterSpec, which (from the docs):
... This interface contains no methods or constants. Its only purpose is to group (and provide type safety for) all parameter specifications. All parameter specifications must implement this interface.
来源:https://stackoverflow.com/questions/48802735/way-to-enumerate-all-elliptic-curve-names-available-in-java