In order to implement encryption using Java, I am using JCE, which is nice and fun.
I was told that it is better to choose the crypto provider than to use a default one.
I need to choose providers both for symmetric key generation, used by this code (using AES in CBC mode):
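// KeyGenerator takes the algorithm name only ("AES"); the mode and padding
// ("AES/CBC/PKCS5Padding") are given to Cipher.getInstance, not to KeyGenerator.
Key sharedKey = KeyGenerator.getInstance("AES", PROVIDER1).generateKey();
Cipher rsaEncryptor = Cipher.getInstance("RSA/ECB/PKCS1Padding", PROVIDER2);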
In general, you should stick to the default provider, unless there is a compelling reason not to. Hard coding your provider has the serious drawback that your code won't allow you to change your provider without rewriting your code. The only reason I would see for choosing a provider directly is to make sure that some security constraints are met, that would not be present for other providers.
The following paragraph is directly from the Oracle documentation:
Reminder: Cryptographic implementations in the JDK are distributed through several different providers ("Sun", "SunJSSE", "SunJCE", "SunRsaSign") for both historical reasons and by the types of services provided. General purpose applications SHOULD NOT request cryptographic services from specific providers. That is:
getInstance("...", "SunJCE"); // not recommended
vs.
getInstance("..."); // recommended
You can still manage to allow other providers to be used by giving them a higher priority (a lower priority indicator, 1 is highest priority) within the java.security file within the jre/lib/security path of your runtime. If you want to specify the provider using getInstance("Algorithm", "Provider") it might be a good idea to make the provider string configurable (e.g. using properties and using
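An added example, not part of the original question or answer, of one way to make the provider configurable as suggested above: the default preference order is used unless a provider is named, and a named but missing provider is rejected rather than silently replaced. The class name and the property name app.crypto.provider are assumptions made for this sketch.

```java
import java.security.*;
import javax.crypto.*;

public class ProviderSelection {
    // Hypothetical property name; unset or empty means "use the JRE's provider preference order".
    static final String PROVIDER_PROPERTY = "app.crypto.provider";

    static String configuredProvider() {
        String name = System.getProperty(PROVIDER_PROPERTY, "").trim();
        if (name.isEmpty()) return null;
        // Fail closed: a configured but missing provider must not silently fall back.
        if (Security.getProvider(name) == null)
            throw new IllegalStateException("Provider not installed: " + name);
        return name;
    }

    static KeyGenerator keyGenerator(String algorithm) throws GeneralSecurityException {
        String p = configuredProvider();
        return p == null ? KeyGenerator.getInstance(algorithm) : KeyGenerator.getInstance(algorithm, p);
    }

    static Cipher cipher(String transformation) throws GeneralSecurityException {
        String p = configuredProvider();
        return p == null ? Cipher.getInstance(transformation) : Cipher.getInstance(transformation, p);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Preference order as configured in java.security (1 = highest priority).
        Provider[] installed = Security.getProviders();
        for (int i = 0; i < installed.length; i++)
            System.out.println((i + 1) + ": " + installed[i].getName());

        KeyGenerator kg = keyGenerator("AES");
        kg.init(128);
        SecretKey sharedKey = kg.generateKey();

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair rsa = kpg.generateKeyPair(); // key pair constructed for this demo only

        Cipher rsaEncryptor = cipher("RSA/ECB/PKCS1Padding");
        rsaEncryptor.init(Cipher.WRAP_MODE, rsa.getPublic());
        byte[] wrapped = rsaEncryptor.wrap(sharedKey);

        // Report which provider actually served each request.
        System.out.println("AES key from " + kg.getProvider().getName()
            + ", RSA cipher from " + rsaEncryptor.getProvider().getName()
            + ", wrapped key bytes: " + wrapped.length);
    }
}
```

Running it with -Dapp.crypto.provider=SunJCE pins both services to that provider; running it without the property shows which provider the java.security preference order selects.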