CAUTION: Many of the default algorithms in this Toolkit (originally written nearly 20 years ago) are no longer considered secure. We recommend that you explicitly select at least the following minimum-strength algorithms:
Algorithm | Default | Minimum recommended | Option to use |
---|---|---|---|
Message digest | SHA-1 | SHA-256 | PKI_HASH_SHA256 |
HMAC | HMAC-SHA-1 | HMAC-SHA-256 | PKI_HMAC_SHA256 |
RSA signature | sha1WithRSAEncryption | sha256WithRSAEncryption | PKI_SIG_RSA_SHA256 |
RSA encryption scheme | RSAES-PKCS1-v1_5 | RSAES-OAEP | PKI_EME_OAEP |
Password-based encryption | pbeWithSHAAnd3-KeyTripleDES-CBC | "pkcs5PBES2" using pkcs5PBKDF2 with "aes128-CBC" | PKI_PBE_PBKDF2_AES128 |
Symmetric encryption | des-EDE3-CBC | aes128-CBC/AES-128-GCM* | PKI_BC_AES128/PKI_AEAD_AES_128_GCM |
\* Use the `CIPHER_EncryptAEAD` function or the `Cipher.EncryptAEAD` method for AES-GCM.
We did consider changing the default options to reflect the above recommendations, but realised it would break too many existing applications. So we've just added warnings to the various parts of the manual, which we know you all read in detail.
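The table above says which algorithm to ask for but not what the stronger choices look like in practice. The following added example (not part of the Toolkit or its manual) reproduces the recommended digest, HMAC and PBKDF2 steps with Python's standard library only, and includes a small audit helper that flags the legacy defaults listed in the table. It assumes the algorithm names exactly as written in the table; the AES-128-CBC and AES-GCM cipher steps themselves need a cipher library and are not shown, so the PBES2 part stops at deriving the 16-byte AES-128 key.

```python
import hashlib
import hmac

# Legacy defaults from the table, mapped to the minimum recommended replacement.
# The option identifiers are the ones the table lists; the mapping is built here
# from the table's rows and is not a Toolkit API.
LEGACY_TO_RECOMMENDED = {
    "SHA-1": ("SHA-256", "PKI_HASH_SHA256"),
    "HMAC-SHA-1": ("HMAC-SHA-256", "PKI_HMAC_SHA256"),
    "sha1WithRSAEncryption": ("sha256WithRSAEncryption", "PKI_SIG_RSA_SHA256"),
    "RSAES-PKCS1-v1_5": ("RSAES-OAEP", "PKI_EME_OAEP"),
    "pbeWithSHAAnd3-KeyTripleDES-CBC": ("pkcs5PBES2/PBKDF2/aes128-CBC", "PKI_PBE_PBKDF2_AES128"),
    "des-EDE3-CBC": ("aes128-CBC or AES-128-GCM", "PKI_BC_AES128 / PKI_AEAD_AES_128_GCM"),
}


def audit_algorithms(names):
    """Return a list of (legacy, recommended, option) for every legacy name found.

    Useful when reviewing an application's configuration or source for the old
    defaults; names not in the legacy list are left alone.
    """
    findings = []
    for name in names:
        if name in LEGACY_TO_RECOMMENDED:
            recommended, option = LEGACY_TO_RECOMMENDED[name]
            findings.append((name, recommended, option))
    return findings


def digest_sha256(data: bytes) -> str:
    """Recommended message digest (replaces SHA-1); returns lowercase hex."""
    return hashlib.sha256(data).hexdigest()


def hmac_sha256(key: bytes, data: bytes) -> str:
    """Recommended MAC (replaces HMAC-SHA-1); returns lowercase hex."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def hmac_sha256_verify(key: bytes, data: bytes, expected_hex: str) -> bool:
    """Verify a tag in constant time so a mismatch does not leak timing."""
    return hmac.compare_digest(hmac_sha256(key, data), expected_hex)


def pbkdf2_aes128_key(password: bytes, salt: bytes, iterations: int) -> bytes:
    """Key-derivation step of pkcs5PBES2: PBKDF2-HMAC-SHA256 to a 16-byte AES-128 key.

    The iteration count is a caller choice; the test below uses 1 only because
    that is what the published PBKDF2-HMAC-SHA256 test vector uses. In production
    use a count large enough that derivation takes a noticeable fraction of a second.
    """
    if iterations < 1:
        raise ValueError("iteration count must be at least 1")
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=16)


if __name__ == "__main__":
    # Constructed sample: a configuration that still uses three of the old defaults.
    config = ["SHA-1", "des-EDE3-CBC", "aes128-CBC", "sha1WithRSAEncryption"]
    for legacy, recommended, option in audit_algorithms(config):
        print(f"{legacy!r} is a legacy default; use {recommended} via {option}")
    print("SHA-256('abc') =", digest_sha256(b"abc"))
    print("AES-128 key =", pbkdf2_aes128_key(b"password", b"salt", 1).hex())
```

The digest, HMAC and PBKDF2 functions produce the standard outputs (the RFC 4231 and PBKDF2-HMAC-SHA256 test vectors pass against them), so they can be used to cross-check what the Toolkit returns after switching to the recommended options.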