Type | Description |
---|---|
JKS | Java KeyStore. Oracle's KeyStore format. |
JCEKS | Java Cryptography Extension KeyStore. More secure version of JKS. |
PKCS #12 | Public-Key Cryptography Standards #12 KeyStore. RSA's KeyStore format. |
BKS | Bouncy Castle KeyStore. Bouncy Castle's version of JKS. |
BKS-V1 | Older and incompatible version of Bouncy Castle KeyStore. |
UBER | Bouncy Castle UBER KeyStore. More secure version of BKS. |
Key Pair Algorithm | Key Size (bits) | Signature Algorithm |
---|---|---|
RSA | 512 - 16384 | MD2 with RSA |
MD5 with RSA | ||
RIPEMD-128 with RSA | ||
RIPEMD-160 with RSA | ||
RIPEMD-256 with RSA | ||
SHA-1 with RSA | ||
SHA-224 with RSA | ||
SHA-256 with RSA | ||
SHA-384 with RSA * | ||
SHA-512 with RSA ** | ||
DSA | 512 - 1024 | SHA-1 with DSA |
SHA-224 with DSA | ||
SHA-256 with DSA | ||
SHA-384 with DSA | ||
SHA-512 with DSA |
Key Pair Algorithm | Curve Set | Curves *** |
---|---|---|
EC | NIST | B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P-224, P-256, P-384, P-521 |
SEC | secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, secp256r1, secp384r1, secp521r1, sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1 | |
ANSI X9.62 | prime192v1, prime192v2, prime192v3, prime239v1, prime239v2, prime239v3, prime256v1, c2pnb163v1, c2pnb163v2, c2pnb163v3, c2pnb176w1, c2tnb191v1, c2tnb191v2, c2tnb191v3, c2tnb239v1, c2tnb239v2, c2tnb239v3, c2tnb359v1, c2tnb431r1, c2pnb208w1, c2pnb272w1, c2pnb304w1, c2pnb368w1 | |
Brainpool | brainpoolP160r1, brainpoolP160t1, brainpoolP192r1, brainpoolP192t1, brainpoolP224r1, brainpoolP224t1, brainpoolP256r1, brainpoolP256t1, brainpoolP320r1, brainpoolP320t1, brainpoolP384r1, brainpoolP384t1, brainpoolP512r1, brainpoolP512t1 |
Type | Description |
---|---|
PKCS #10 | Public-Key Cryptography Standards #10 CSR, RSA's CSR format. |
SPKAC | Signed Public Key and Challenge (SPKAC), Netscape's CSR format. |
Extension Name | Extension OID | View | Add to Certificates / CSRs |
---|---|---|---|
Entrust Version Information | 1.2.840.113533.7.65.0 | X | |
Authority Information Access | 1.3.6.1.5.5.7.1.1 | X | X |
Subject Information Access | 1.3.6.1.5.5.7.1.11 | X | X |
Subject Directory Attributes | 2.5.29.9 | X | |
Subject Key Identifier | 2.5.29.14 | X | X |
Key Usage | 2.5.29.15 | X | X |
Private Key Usage Period | 2.5.29.16 | X | X |
Subject Alternative Name | 2.5.29.17 | X | X |
Issuer Alternative Name | 2.5.29.18 | X | X |
Basic Constraints | 2.5.29.19 | X | X |
CRL Number | 2.5.29.20 | X | N/A |
Reason Code | 2.5.29.21 | X | N/A |
Hold Instruction Code | 2.5.29.23 | X | N/A |
Invalidity Date | 2.5.29.24 | X | N/A |
Delta CRL Indicator | 2.5.29.27 | X | N/A |
Issuing Distribution Point | 2.5.29.28 | X | N/A |
Certificate Issuer | 2.5.29.29 | X | N/A |
Name Constraints | 2.5.29.30 | X | X |
CRL Distribution Points | 2.5.29.31 | X | |
Certificate Policies | 2.5.29.32 | X | X |
Policy Mappings | 2.5.29.33 | X | X |
Authority Key Identifier | 2.5.29.35 | X | X |
Policy Constraints | 2.5.29.36 | X | X |
Extended Key Usage | 2.5.29.37 | X | X |
Freshest CRL | 2.5.29.46 | X | |
Inhibit Any Policy | 2.5.29.54 | X | X |
Netscape Certificate Type | 2.16.840.1.113730.1.1 | X | X |
Netscape Base URL | 2.16.840.1.113730.1.2 | X | X |
Netscape Revocation URL | 2.16.840.1.113730.1.3 | X | X |
Netscape CA Revocation URL | 2.16.840.1.113730.1.4 | X | X |
Netscape Certificate Renewal URL | 2.16.840.1.113730.1.7 | X | X |
Netscape CA Policy URL | 2.16.840.1.113730.1.8 | X | X |
Netscape SSL Server Name | 2.16.840.1.113730.1.12 | X | X |
Netscape Comment | 2.16.840.1.113730.1.13 | X | X |
Format | Private Part | Public Part |
---|---|---|
PKCS #12 | X | X |
PKCS #8 (DER or PEM) * | X | |
PVK | X | |
OpenSSL (DER or PEM) ** | X | X |
X.509 (DER or PEM) | X | |
PKCS #7 (DER or PEM) | X | |
PKI Path | X | |
SPC | X |
PBE Algorithm |
---|
SHA-1 and 40 bit RC4 |
SHA-1 and 128 bit RC4 |
SHA-1 and 2 key DESede |
SHA-1 and 3 key DESede |
SHA-1 and 40 bit RC2 |
SHA-1 and 128 bit RC2 |
PBE Algorithm |
---|
PBE with DES CBC |
PBE with DESede CBC |
PBE with 128 bit AES CBC |
PBE with 192 bit AES CBC |
PBE with 256 bit AES CBC |
Format |
---|
X.509 (DER or PEM) |
PKCS #7 (DER or PEM) |
PKI Path |
SPC |
Signature Subject | Signature Algorithms |
---|---|
CSR | MD2 with RSA |
MD5 with RSA | |
RIPEMD-128 with RSA | |
RIPEMD-160 with RSA | |
RIPEMD-256 with RSA | |
SHA-1 with RSA | |
SHA-224 with RSA | |
SHA-256 with RSA | |
SHA-384 with RSA * | |
SHA-512 with RSA ** | |
SHA-1 with DSA | |
SHA-224 with DSA | |
SHA-256 with DSA | |
SHA-384 with DSA | |
SHA-512 with DSA | |
JAR | MD2 with RSA |
MD5 with RSA | |
SHA-1 with RSA | |
SHA-1 with DSA | |
MIDlet | SHA-1 with RSA |