Cryptography

This document describes the proper way to use Android's cryptographic facilities and includes some examples of its use. If your app requires greater key security, use the Android Keystore system.

Specify a provider only with the Android Keystore system

If you're using the Android Keystore system, you must specify a provider.

In other situations, however, Android doesn't guarantee a particular provider for a given algorithm. Specifying a provider without using the Android Keystore system could cause compatibility problems in future releases.

Choose a recommended algorithm

When you have the freedom to choose which algorithm to use (such as when you do not require compatibility with a third-party system), we recommend using the following algorithms:

Class Recommendation
Cipher AES in either CBC or GCM mode with 256-bit keys (such as AES/GCM/NoPadding)
MessageDigest SHA-2 family (eg, SHA-256)
Mac SHA-2 family HMAC (eg, HMACSHA256)
Signature SHA-2 family with ECDSA (eg, SHA256withECDSA)

Perform common cryptographic operations

The following sections include snippets that demonstrates how you can complete common cryptographic operations in your app.

Encrypt a message

byte[] plaintext = ...;
KeyGenerator keygen = KeyGenerator.getInstance("AES");
keygen.init(256);
SecretKey key = keygen.generateKey();
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] ciphertext = cipher.doFinal(plaintext);
byte[] iv = cipher.getIV();

Generate a message digest

byte[] message = ...;
MessageDigest md = MessageDigest.getInstance("SHA-256");
byte[] digest = md.digest(message);

Generate a digital signature

You need to have a PrivateKey object containing the signing key, which you can generate at runtime, read from a file bundled with your app, or obtain from some other source depending on your needs.

byte[] message = ...;
PrivateKey key = ...;
Signature s = Signature.getInstance("SHA256withECDSA");
s.initSign(key);
s.update(message);
byte[] signature = s.sign();

Verify a digital signature

You need to have a PublicKey object containing the signer's public key, which you might read from a file bundled with your app, extract from a certificate, or obtain from some other source depending on your needs.

byte[] message = ...;
byte[] signature = ...;
PublicKey key = ...;
Signature s = Signature.getInstance("SHA256withECDSA");
s.initVerify(key);
s.update(message);
boolean valid = s.verify(signature);

Implementation complexities

There are some details of the Android cryptography implementation that seem unusual but are present due to compatibility concerns. This section discusses the ones that you'll most likely encounter.

OAEP MGF1 message digest

RSA OAEP ciphers are parameterized by two different message digests: the “main” digest and the MGF1 digest. There are Cipher identifiers that include digest names, such as Cipher.getInstance("RSA/ECB/OAEPwithSHA-256andMGF1Padding"), which specify the main digest and leave the MGF1 digest unspecified. For Android Keystore, SHA-1 is used for the MGF1 digest, whereas for other Android cryptographic providers, the two digests are the same.

To have more control over the digests that your app uses, you should request a cipher with OAEPPadding, as in Cipher.getInstance("RSA/ECB/OAEPPadding"), and provide an OAEPParameterSpec to init() to explicitly choose both digests.

Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPPadding");
// To use SHA-256 the main digest and SHA-1 as the MGF1 digest
cipher.init(Cipher.ENCRYPT_MODE, new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT));
// To use SHA-256 for both digests
cipher.init(Cipher.ENCRYPT_MODE, new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT));

Deprecated functionality

The following sections describe deprecated functionality that you should no longer use in your app.

Bouncy Castle algorithms

A number of algorithms from the Bouncy Castle provider that are also provided by another provider have been deprecated in Android P. This only affects cases where the implementation from the Bouncy Castle provider is explicitly requested, such as Cipher.getInstance("AES/CBC/PKCS7PADDING", "BC") or Cipher.getInstance("AES/CBC/PKCS7PADDING", Security.getProvider("BC")). As noted above, requesting a specific provider is discouraged, so if you follow that guideline this deprecation should not affect you. See this post on the Android developers blog for more details.

Password-based encryption ciphers without an IV

Password-based encryption (PBE) ciphers that require an initialization vector (IV) can obtain it from the key, if it’s suitably constructed, or from an explicitly-passed IV. When passing a PBE key that doesn't contain an IV and no explicit IV, the PBE ciphers on Android currently assume an IV of zero.

An explicit IV should always be passed when using PBE ciphers, as shown in the following code snippet:

SecretKey key = ...;
Cipher cipher = Cipher.getInstance("PBEWITHSHA256AND256BITAES-CBC-BC");
byte[] iv = new byte[16];
new SecureRandom().nextBytes(iv);
cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));

Supported algorithms

These are the JCA algorithm identifiers that are supported on Android at each API level.

AlgorithmParameterGenerator

Algorithm Supported API Levels
AES 1-8
DES 1-8
DESede 1-8
DH 1+
DSA 1+

AlgorithmParameters

Algorithm Supported API Levels
AES 1+
BLOWFISH 10+
ChaCha20 P Preview
DES 1+
DESede 1+
DH 1+
DSA 1+
EC 26+
GCM 22+
IES 1-8
OAEP 1+
PBEwithHmacSHA1AndAES_128 26+
PBEwithHmacSHA1AndAES_256 26+
PBEwithHmacSHA224AndAES_128 26+
PBEwithHmacSHA224AndAES_256 26+
PBEwithHmacSHA256AndAES_128 26+
PBEwithHmacSHA256AndAES_256 26+
PBEwithHmacSHA384AndAES_128 26+
PBEwithHmacSHA384AndAES_256 26+
PBEwithHmacSHA512AndAES_128 26+
PBEwithHmacSHA512AndAES_256 26+
PKCS12PBE 1+
PSS 1-8,24+

CertPathBuilder

Algorithm Supported API Levels
PKIX 1+

CertPathValidator

Algorithm Supported API Levels
PKIX 1+

CertStore

Algorithm Supported API Levels
Collection 1+

CertificateFactory

Algorithm Supported API Levels
X.509 1+

Cipher

Algorithm Modes Paddings Supported API Levels Notes
AES CBC
CFB
CTR
CTS
ECB
OFB
ISO10126Padding
NoPadding
PKCS5Padding
1+
GCM NoPadding 10+
AES_128 CBC
ECB
NoPadding
PKCS5Padding
26+
GCM NoPadding 26+
AES_256 CBC
ECB
NoPadding
PKCS5Padding
26+
GCM NoPadding 26+
ARC4 ECB NoPadding 10+
NONE NoPadding P Preview
BLOWFISH CBC
CFB
CTR
CTS
ECB
OFB
ISO10126Padding
NoPadding
PKCS5Padding
10+
ChaCha20 NONE
Poly1305
NoPadding P Preview ChaCha with 20 rounds, 96-bit nonce, and 32-bit counter as described in RFC 7539.
DES CBC
CFB
CTR
CTS
ECB
OFB
ISO10126Padding
NoPadding
PKCS5Padding
1+
DESede CBC
CFB
CTR
CTS
ECB
OFB
ISO10126Padding
NoPadding
PKCS5Padding
1+
RSA ECB
NONE
NoPadding
OAEPPadding
PKCS1Padding
1+
OAEPwithSHA-1andMGF1Padding
OAEPwithSHA-256andMGF1Padding
10+
OAEPwithSHA-224andMGF1Padding
OAEPwithSHA-384andMGF1Padding
OAEPwithSHA-512andMGF1Padding
23+

KeyAgreement

Algorithm Supported API Levels
DH 1+
ECDH 11+

KeyFactory

Algorithm Supported API Levels
DH 1+
DSA 1+
EC 11+
RSA 1+
X.509 1-8

KeyGenerator

Algorithm Supported API Levels
AES 1+
AESWRAP 1-8
ARC4 14+
BLOWFISH 10+
ChaCha20 P Preview
DES 1+
DESede 1+
DESedeWRAP 1-8
HmacMD5 1+
HmacSHA1 11+
HmacSHA224 1-8, 22+
HmacSHA256 1+
HmacSHA384 1+
HmacSHA512 1+
RC4 10-13

KeyManagerFactory

Algorithm Supported API Levels
PKIX 1+

KeyPairGenerator

Algorithm Supported API Levels
DH 1+
DSA 1+
EC 11+
RSA 1+

KeyStore

Algorithm Supported API Levels
AndroidCAStore 14+
AndroidKeyStore 18+
BCPKCS12 1-8
BKS 1+
BouncyCastle 1+
PKCS12 1+
PKCS12-DEF 1-8

Mac

Algorithm Supported API Levels
DESMAC 1-8
DESMAC/CFB8 1-8
DESedeMAC 1-8
DESedeMAC/CFB8 1-8
DESedeMAC64 1-8
DESwithISO9797 1-8
HmacMD5 1+
HmacSHA1 1+
HmacSHA224 1-8, 22+
HmacSHA256 1+
HmacSHA384 1+
HmacSHA512 1+
ISO9797ALG3MAC 1-8
PBEwithHmacSHA 1+
PBEwithHmacSHA1 1+
PBEwithHmacSHA224 26+
PBEwithHmacSHA256 26+
PBEwithHmacSHA384 26+
PBEwithHmacSHA512 26+

MessageDigest

Algorithm Supported API Levels
MD5 1+
SHA-1 1+
SHA-224 1-8, 22+
SHA-256 1+
SHA-384 1+
SHA-512 1+

SSLContext

Algorithm Supported API Levels
Default 10+
SSL 10+
SSLv3 10-25
TLS 1+
TLSv1 10+
TLSv1.1 16+
TLSv1.2 16+

SSLEngine

Algorithm Supported API Levels Enabled By Default
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 9-22 9-19
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA 9-22 9-19
SSL_DHE_DSS_WITH_DES_CBC_SHA 9-22 9-19
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 9-22 9-19
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA 9-22 9-19
SSL_DHE_RSA_WITH_DES_CBC_SHA 9-22 9-19
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA 9-22
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 9-22
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA 9-22
SSL_DH_anon_WITH_DES_CBC_SHA 9-22
SSL_DH_anon_WITH_RC4_128_MD5 9-22
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA 9-22 9-19
SSL_RSA_EXPORT_WITH_RC4_40_MD5 9-22 9-19
SSL_RSA_WITH_3DES_EDE_CBC_SHA 9+ 9-19
SSL_RSA_WITH_DES_CBC_SHA 9-22 9-19
SSL_RSA_WITH_NULL_MD5 9-22
SSL_RSA_WITH_NULL_SHA 9-22
SSL_RSA_WITH_RC4_128_MD5 9-25 9-19
SSL_RSA_WITH_RC4_128_SHA 9-25 9-23
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 1-8 1-8
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA 1-8 1-8
TLS_DHE_DSS_WITH_AES_128_CBC_SHA 9-22 9-22
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 20-22
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 20-22
TLS_DHE_DSS_WITH_AES_256_CBC_SHA 9-22 20-22
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 20-22
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 20-22
TLS_DHE_DSS_WITH_DES_CBC_SHA 1-8 1-8
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 1-8 1-8
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 1-8 1-8
TLS_DHE_RSA_WITH_AES_128_CBC_SHA 9-25 9-25
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 20-25
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 20-25 20-25
TLS_DHE_RSA_WITH_AES_256_CBC_SHA 9-25 20-25
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 20-25
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 20-25 20-25
TLS_DHE_RSA_WITH_DES_CBC_SHA 1-8 1-8
TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA 1-8
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA 1-8
TLS_DH_DSS_WITH_DES_CBC_SHA 1-8
TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA 1-8
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA 1-8
TLS_DH_RSA_WITH_DES_CBC_SHA 1-8
TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA 1-8
TLS_DH_anon_WITH_3DES_EDE_CBC_SHA 1-8
TLS_DH_anon_WITH_AES_128_CBC_SHA 9-22
TLS_DH_anon_WITH_AES_128_CBC_SHA256 20-22
TLS_DH_anon_WITH_AES_128_GCM_SHA256 20-22
TLS_DH_anon_WITH_AES_256_CBC_SHA 9-22
TLS_DH_anon_WITH_AES_256_CBC_SHA256 20-22
TLS_DH_anon_WITH_AES_256_GCM_SHA384 20-22
TLS_DH_anon_WITH_DES_CBC_SHA 1-8
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 20-22
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 20+ 20+
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 20+
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 20+ 20+
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 20+ 20+
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 20+
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 20+ 20+
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 24+ 24+
TLS_ECDHE_ECDSA_WITH_NULL_SHA 20-22
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 20-25 20-23
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 21+ 21+
TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 21+ 21+
TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 24+ 24+
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 20-22
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 20+ 20+
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 20+
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 20+ 20+
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 20+ 20+
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 20+
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 20+ 20+
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 24+ 24+
TLS_ECDHE_RSA_WITH_NULL_SHA 20-22
TLS_ECDHE_RSA_WITH_RC4_128_SHA 20-25 20-23
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 20-22
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 20-22
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 20-22
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 20-22
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 20-22
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 20-22
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 20-22
TLS_ECDH_ECDSA_WITH_NULL_SHA 20-22
TLS_ECDH_ECDSA_WITH_RC4_128_SHA 20-22
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 20-22
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 20-22
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 20-22
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 20-22
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 20-22
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 20-22
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 20-22
TLS_ECDH_RSA_WITH_NULL_SHA 20-22
TLS_ECDH_RSA_WITH_RC4_128_SHA 20-22
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA 20-22
TLS_ECDH_anon_WITH_AES_128_CBC_SHA 20-22
TLS_ECDH_anon_WITH_AES_256_CBC_SHA 20-22
TLS_ECDH_anon_WITH_NULL_SHA 20-22
TLS_ECDH_anon_WITH_RC4_128_SHA 20-22
TLS_EMPTY_RENEGOTIATION_INFO_SCSV 20+ 20+
TLS_FALLBACK_SCSV 21+
TLS_NULL_WITH_NULL_NULL 1-8
TLS_PSK_WITH_3DES_EDE_CBC_SHA 21-22
TLS_PSK_WITH_AES_128_CBC_SHA 21+ 21+
TLS_PSK_WITH_AES_256_CBC_SHA 21+ 21+
TLS_PSK_WITH_RC4_128_SHA 21-25
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA 1-8 1-8
TLS_RSA_WITH_3DES_EDE_CBC_SHA 1-8 1-8
TLS_RSA_WITH_AES_128_CBC_SHA 9+ 9+
TLS_RSA_WITH_AES_128_CBC_SHA256 20+
TLS_RSA_WITH_AES_128_GCM_SHA256 20+ 20+
TLS_RSA_WITH_AES_256_CBC_SHA 9+ 20+
TLS_RSA_WITH_AES_256_CBC_SHA256 20+
TLS_RSA_WITH_AES_256_GCM_SHA384 20+ 20+
TLS_RSA_WITH_DES_CBC_SHA 1-8 1-8
TLS_RSA_WITH_NULL_MD5 1-8
TLS_RSA_WITH_NULL_SHA 1-8
TLS_RSA_WITH_NULL_SHA256 20-22

SSLSocket

Algorithm Supported API Levels Enabled By Default
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 9-22 9-19
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA 9-22 9-19
SSL_DHE_DSS_WITH_DES_CBC_SHA 9-22 9-19
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 9-22 9-19
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA 9-22 9-19
SSL_DHE_RSA_WITH_DES_CBC_SHA 9-22 9-19
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA 9-22
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 9-22
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA 9-22
SSL_DH_anon_WITH_DES_CBC_SHA 9-22
SSL_DH_anon_WITH_RC4_128_MD5 9-22
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA 9-22 9-19
SSL_RSA_EXPORT_WITH_RC4_40_MD5 9-22 9-19
SSL_RSA_WITH_3DES_EDE_CBC_SHA 9+ 9-19
SSL_RSA_WITH_DES_CBC_SHA 9-22 9-19
SSL_RSA_WITH_NULL_MD5 9-22
SSL_RSA_WITH_NULL_SHA 9-22
SSL_RSA_WITH_RC4_128_MD5 9-25 9-19
SSL_RSA_WITH_RC4_128_SHA 9-25 9-23
TLS_DHE_DSS_WITH_AES_128_CBC_SHA 9-22 9-22
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 20-22
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 20-22
TLS_DHE_DSS_WITH_AES_256_CBC_SHA 9-22 11-22
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 20-22
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 20-22
TLS_DHE_RSA_WITH_AES_128_CBC_SHA 9-25 9-25
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 20-25
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 20-25 20-25
TLS_DHE_RSA_WITH_AES_256_CBC_SHA 9-25 11-25
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 20-25
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 20-25 20-25
TLS_DH_anon_WITH_AES_128_CBC_SHA 9-22
TLS_DH_anon_WITH_AES_128_CBC_SHA256 20-22
TLS_DH_anon_WITH_AES_128_GCM_SHA256 20-22
TLS_DH_anon_WITH_AES_256_CBC_SHA 9-22
TLS_DH_anon_WITH_AES_256_CBC_SHA256 20-22
TLS_DH_anon_WITH_AES_256_GCM_SHA384 20-22
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 11-22 11-19
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 11+ 11+
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 20+
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 20+ 20+
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 11+ 11+
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 20+
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 20+ 20+
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 24+ 24+
TLS_ECDHE_ECDSA_WITH_NULL_SHA 11-22
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 11-25 11-23
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 21+ 21+
TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 21+ 21+
TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 24+ 24+
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 11-22 11-19
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 11+ 11+
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 20+
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 20+ 20+
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 11+ 11+
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 20+
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 20+ 20+
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 24+ 24+
TLS_ECDHE_RSA_WITH_NULL_SHA 11-22
TLS_ECDHE_RSA_WITH_RC4_128_SHA 11-25 11-23
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 11-22 11-19
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 11-22 11-19
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 20-22
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 20-22
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 11-22 11-19
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 20-22
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 20-22
TLS_ECDH_ECDSA_WITH_NULL_SHA 11-22
TLS_ECDH_ECDSA_WITH_RC4_128_SHA 11-22 11-19
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 11-22 11-19
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 11-22 11-19
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 20-22
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 20-22
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 11-22 11-19
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 20-22
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 20-22
TLS_ECDH_RSA_WITH_NULL_SHA 11-22
TLS_ECDH_RSA_WITH_RC4_128_SHA 11-22 11-19
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA 11-22
TLS_ECDH_anon_WITH_AES_128_CBC_SHA 11-22
TLS_ECDH_anon_WITH_AES_256_CBC_SHA 11-22
TLS_ECDH_anon_WITH_NULL_SHA 11-22
TLS_ECDH_anon_WITH_RC4_128_SHA 11-22
TLS_EMPTY_RENEGOTIATION_INFO_SCSV 11+ 11+
TLS_FALLBACK_SCSV 21+
TLS_PSK_WITH_3DES_EDE_CBC_SHA 21-22
TLS_PSK_WITH_AES_128_CBC_SHA 21+ 21+
TLS_PSK_WITH_AES_256_CBC_SHA 21+ 21+
TLS_PSK_WITH_RC4_128_SHA 21-25
TLS_RSA_WITH_AES_128_CBC_SHA 9+ 9+
TLS_RSA_WITH_AES_128_CBC_SHA256 20+
TLS_RSA_WITH_AES_128_GCM_SHA256 20+ 20+
TLS_RSA_WITH_AES_256_CBC_SHA 9+ 11+
TLS_RSA_WITH_AES_256_CBC_SHA256 20+
TLS_RSA_WITH_AES_256_GCM_SHA384 20+ 20+
TLS_RSA_WITH_NULL_SHA256 20-22

SecretKeyFactory

Algorithm Supported API Levels
AES 23+
DES 1+
DESede 1+
HmacSHA1 23+
HmacSHA224 23+
HmacSHA256 23+
HmacSHA384 23+
HmacSHA512 23+
PBEwithHmacSHA1 1+
PBEwithHmacSHA1AndAES_128 26+
PBEwithHmacSHA1AndAES_256 26+
PBEwithHmacSHA224AndAES_128 26+
PBEwithHmacSHA224AndAES_256 26+
PBEwithHmacSHA256AndAES_128 26+
PBEwithHmacSHA256AndAES_256 26+
PBEwithHmacSHA384AndAES_128 26+
PBEwithHmacSHA384AndAES_256 26+
PBEwithHmacSHA512AndAES_128 26+
PBEwithHmacSHA512AndAES_256 26+
PBEwithMD5AND128BITAES-CBC-OPENSSL 1+
PBEwithMD5AND192BITAES-CBC-OPENSSL 1+
PBEwithMD5AND256BITAES-CBC-OPENSSL 1+
PBEwithMD5ANDDES 1+
PBEwithMD5ANDRC2 1+
PBEwithSHA1ANDDES 1+
PBEwithSHA1ANDRC2 1+
PBEwithSHA256AND128BITAES-CBC-BC 1+
PBEwithSHA256AND192BITAES-CBC-BC 1+
PBEwithSHA256AND256BITAES-CBC-BC 1+
PBEwithSHAAND128BITAES-CBC-BC 1+
PBEwithSHAAND128BITRC2-CBC 10+
PBEwithSHAAND128BITRC4 10+
PBEwithSHAAND192BITAES-CBC-BC 1+
PBEwithSHAAND2-KEYTRIPLEDES-CBC 1+
PBEwithSHAAND256BITAES-CBC-BC 1+
PBEwithSHAAND3-KEYTRIPLEDES-CBC 1+
PBEwithSHAAND40BITRC2-CBC 1+
PBEwithSHAAND40BITRC4 10+
PBEwithSHAANDTWOFISH-CBC 10+
PBKDF2withHmacSHA1 10+
PBKDF2withHmacSHA1And8BIT 19+
PBKDF2withHmacSHA224 26+
PBKDF2withHmacSHA256 26+
PBKDF2withHmacSHA384 26+
PBKDF2withHmacSHA512 26+

SecureRandom

Algorithm Supported API Levels
SHA1PRNG 1+

Signature

Algorithm Supported API Levels
DSA 1+
DSAwithSHA1 1+
DSS 1-19
ECDSA 11+
ECDSAwithSHA1 11+
MD2withRSA 1-3
MD4withRSA 1-8
MD5withRSA 1+
MD5withRSA/ISO9796-2 1-8
NONEwithDSA 1+
NONEwithECDSA 11+
NONEwithRSA 17+
RSASSA-PSS 1-8
SHA1withDSA 1+
SHA1withECDSA 11+
SHA1withRSA 1+
SHA1withRSA/ISO9796-2 1-8
SHA1withRSA/PSS 23+
SHA224withDSA 20+
SHA224withECDSA 20+
SHA224withRSA 20+
SHA224withRSA/PSS 23+
SHA256withDSA 1+
SHA256withECDSA 11+
SHA256withRSA 1+
SHA256withRSA/PSS 23+
SHA384withECDSA 11+
SHA384withRSA 1+
SHA384withRSA/PSS 23+
SHA512withECDSA 11+
SHA512withRSA 1+
SHA512withRSA/PSS 23+

TrustManagerFactory

Algorithm Supported API Levels
PKIX 1+