The algorithms available is dependent on the JCRE implementors ( G&D, Gemplus, etc...). Look at the API for a list of keylengths that aren't allowed due to export restrictions.
Check your vendors cards to see whats on them.

Usually DES/DEDede is the minimal norm. RSA is available also with a coprocessor.

The crypto is implemented just like any Java extension.