Cryptographic algorithms

Symmetric algorithms

Symmetric Algorithms
Algorithm	FIPS approved in a v1 or v2 Security World	FIPS approved in a v3 Security World	Key type	Supported by generatekey
AES	Y	Y	AES or Rijndael	Y
Arcfour	N	N	Arcfour	N
ARIA	N	N	Aria	N
Camellia	N	N	Camellia	N
CAST 256	N	N	CAST256	N
DES	N	N	DES	N
DES2	Y	N	DES2	Y
Triple DES	Y	N ¹	Triple DES	Y
MD5 HMAC	N	N	HMACMD5	N
RIPEMD160 HMAC	N	N	HMACRIPEMD160	N
SEED	N	N	SEED	N
SHA-1 HMAC	Y	Y	HMACSHA1	Y
SHA-224 HMAC	Y	Y	HMACSHA224	N
SHA-256 HMAC	Y	Y	HMACSHA256	Y
SHA-384 HMAC	Y	Y	HMACSHA384	Y
SHA-512 HMAC	Y	Y	HMACSHA512	Y
Tiger HMAC	N	N	HMACTiger	N

Symmetric Algorithms

Algorithm

FIPS approved in a v1 or v2 Security World

FIPS approved in a v3 Security World

Key type

Supported by
generatekey

AES

Y

AES or Rijndael

Y

Arcfour

N

Arcfour

N

ARIA

N

Aria

N

Camellia

N

Camellia

N

CAST 256

N

CAST256

N

DES

N

DES

N

DES2

Y

N

DES2

Y

Triple DES

Y

N ¹

Triple DES

Y

MD5 HMAC

N

HMACMD5

N

RIPEMD160 HMAC

N

HMACRIPEMD160

N

SEED

N

SEED

N

SHA-1 HMAC

Y

HMACSHA1

Y

SHA-224 HMAC

Y

HMACSHA224

N

SHA-256 HMAC

Y

HMACSHA256

Y

SHA-384 HMAC

Y

HMACSHA384

Y

SHA-512 HMAC

Y

HMACSHA512

Y

Tiger HMAC

N

HMACTiger

N

¹ Not FIPS 140-2 approved for encryption operations, but available for decryption operations.

Asymmetric algorithms

Asymmetric Algorithms
Algorithm	FIPS approved in a v1 or v2 Security World	FIPS approved in a v3 Security World ¹	Key type	Supported by generatekey
Diffie-Hellman	Y	Y	DH or DHEx	Y
DSA	Y	Y	DSA	Y
ECDH	Y ²	Y ²	ECDH or EC ³	Y
ECDSA	Y ⁴	Y ⁴	ECDSA or EC	Y
ECIES	N	N	ECDH or EC	N
Ed25519	N	N	Ed25519	N
El Gamal	Y	Y	DH	Y
KCDSA	N	N	KCDSA	N
RSA	Y	Y	RSA	Y
X25519	N	N	X25519	N

Asymmetric Algorithms

Algorithm

FIPS approved in a v1 or v2 Security World

FIPS approved in a v3 Security World ¹

Key type

Supported by
generatekey

Diffie-Hellman

Y

DH or DHEx

Y

DSA

Y

DSA

Y

ECDH

Y ²

ECDH or EC ³

Y

ECDSA

Y ⁴

ECDSA or EC

Y

ECIES

N

ECDH or EC

N

Ed25519

N

Ed25519

N

El Gamal

Y

DH

Y

KCDSA

N

KCDSA

N

RSA

Y

RSA

Y

X25519

N

X25519

N

¹ Some insecure key sizes are non-FIPS 140-2 approved.

² FIPS 140-2 approval is only for use with ECDH keys, not with EC keys, but see ³ for exception.

³ FIPS 140-2 allows an EC key to be used as an ECDH key for a single use-case. In this use case, an ECDH key is allowed to perform a single signing of a Certificate Signing Request (CSR), so that a certificate for the ECDH key can be generated.

⁴ FIPS 140-2 approval is only for use with ECDSA keys, not with EC keys.

FIPS information

The latest guidance from the National Institute of Standards and Technology (NIST) is that

A module is only operating in a FIPS approved mode when it uses FIPS 140-2 approved algorithms, and the algorithms are used with keys of an FIPS approved key length or elliptic curve.

When a module is initialized into FIPS 140-2 Level 3 mode, you are only offered FIPS-approved algorithms. If you have a Security World created to comply with FIPS 140-2 Level 3 and have any protocols that use algorithms not approved by FIPS, you must either migrate to a FIPS 140-2 Level 2 Security World or change your protocols. If you have a Security World created to comply with FIPS 140-2 Level 3 and have existing long-term keys for unapproved algorithms, then these keys cannot be used with the current firmware. In such a case, we recommend that you either migrate your Security World to a FIPS 140-2 Level 2 Security World or replace these keys with approved keys before upgrading to the current firmware.

These changes do not affect Security Worlds that were created to comply with FIPS 140-2 Level 2, nor do they affect systems that use the nShield module to protect long-term keys but perform encryption with session keys on the host (as is the case with the nShield MSCAPI, and PKCS #11 libraries).

Some algorithms that are shown are not FIPS-approved for encryption or signing operations but may still be available for decryption or verification operations.

To obtain more details on the specific algorithms that are FIPS approved for use in the HSM, refer to the nShield Security Policy for the particular FIPS CMVP certified nShield product that you are using. The FIPS CMVP certificates for nShield products can be found at https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search, and the Security Policy is linked from the FIPS CMVP certificate.

Compatibility with v1 and v2 Security Worlds

If the firmware on an HSM is upgraded to v12.50 or later, a v2 or v2 Security World that was FIPS 140-2 Level 3 compliant will no longer be FIPS compliant.

It is possible to create a FIPS-conforming Security World from a host server that is running Security World v12.50 or later as long as the HSM is running v12.50 or later firmware. However your solution won’t be FIPS certifiable unless you are running the exact version of firmware that has been FIPS 140-2 certified.

These changes do not affect Security Worlds that were created to comply with FIPS 140-2 Level 2, nor do they affect systems that use the nShield module to protect long-term keys but perform encryption with session keys on the host (as is the case with the nShield MSCAPI, and PKCS #11 libraries).