In general, you should stick to the default provider, unless there is a compelling reason not to. Hard coding your provider has the serious drawback that your code won't allow you to change your provider without rewriting your code. The only reason I would see for choosing a provider directly is to make sure that some security constraints are met, that would not be present for other providers.
The following paragraph is directly from the Oracle documentation:
Reminder: Cryptographic implementations in the JDK are distributed through several different providers ("Sun", "SunJSSE", "SunJCE", "SunRsaSign") for both historical reasons and by the types of services provided. General purpose applications SHOULD NOT request cryptographic services from specific providers. That is:
getInstance("...", "SunJCE"); // not recommended vs. getInstance("..."); // recommended
You can still manage to allow other providers to be used by giving them a higher priority (a lower priority indicator, 1 is highest priority) within the java.security
file within the jre/lib/security
path of your runtime. If you want to specify the provider using getInstance("Algorithm", "Provider")
it might be a good idea to make the provider string configurable (e.g. using properties and using myConfig.getProperty("Provider")
).