===== 9.5 Security and Crypto Packages =====

The **getInstance** method in the following classes returns an implementation instance in the context of the calling applet of the requested algorithm: 

javacard.security.MessageDigest 

javacard.security.InitializedMessageDigest 

javacard.security.Signature 

javacard.security.RandomData 

javacard.security.KeyAgreement 

javacard.security.Checksum 

javacardx.crypto.Cipher 

An implementation of the Java Card RE may implement zero or more of the algorithms listed in the **//Application Programming Interface, Java Card Platform, Version 2.2.2//**. When an algorithm that is not implemented is requested, this method shall throw a **CryptoException** with reason code **NO_SUCH_ALGORITHM**. 

Implementations of the above classes shall extend the corresponding base class and implement all the abstract methods. All data allocation associated with the implementation instance shall be performed at the time of instance construction to ensure that any lack of required resources can be flagged early during the installation of the applet. 

Similarly, the **buildKey** method of the **javacard.security.KeyBuilder** class returns an implementation instance of the requested Key type. The Java Card RE may implement zero or more types of keys. When a key type that is not implemented is requested, the method shall throw a **CryptoException** with reason code **NO_SUCH_ALGORITHM**. 

In the same fashion, the constructor for the **javacard.security.KeyPair** class creates a **KeyPair** instance for the specified key type. The Java Card RE may implement zero or more types of keys. When a key type that is not implemented is requested, the method shall throw a **CryptoException** with reason code **NO_SUCH_ALGORITHM**. 

Implementations of key types shall implement the associated interface. All data allocation associated with the key implementation instance shall be performed at the time of instance construction to ensure that any lack of required resources can be flagged early during the installation of the applet. 

The **MessageDigest** object uses temporary storage for intermediate results when the **update()** method is invoked. This intermediate state need not be preserved across power up and reset. The object is reset to the state it was in when previously initialized via a call to **reset()**. 

The **Signature** and **Cipher** objects use temporary storage for intermediate results when the **update()** method is invoked. This intermediate state need not be preserved across power up and reset. The object is reset to the state it was in when previously initialized via a call to **init()**. 

The Checksum object uses temporary storage for intermediate results when the **update()** method is invoked. This intermediate state need not be preserved across power up and reset. The object is reset to the state it was in when previously initialized upon a tear or card reset event.