Available Functions

Available functions

The module firmware automatically detects which algorithms it can support. These algorithms are advertised when the provider first starts up. The provider conservatively advertises only those mechanisms that are supported by all installed modules in the system.

Certain algorithms are not supported by older versions of firmware. We recommend that you ensure that your module is upgraded to the most recent version of firmware appropriate for your environment.

The following table indicates the cipher modes available for each cipher.

Cipher CBC CFB CTR ECB OFB GCM

AESWrap

X

ArcFour

CAST256

X

X

X

X

X

DES2

X

X

X

X

X

DES

X

X

X

X

X

DESede

X

X

X

X

X

DESedeWrap

X

ECIES1

Rijndael

X

X

X

X

X

X

RSA

X

In the table above, annotations with the following numbers indicate:

1 These ciphers support key wrap and unwrap only.

The following table indicates the padding types available for each cipher.

Cipher ANSI X9.23 ISO 10126 ISO 7816 None OAEP PKCS #1 PKCS #5 Zero byte

AESWrap

X

ArcFour

CAST256

X

X

X

X

X

X

DES2

X

X

X

X

X

X

DES

X

X

X

X

X

X

DESede

X

X

X

X

X

X

DESedeWrap

X

ECIES1

Rijndael

X

X

X

X

X

X

RSA

X

X

In the table above, annotations with the following numbers indicate:

1 These ciphers support key wrap and unwrap only.

Algorithm Key length in bits for generation or signing table header 01 keygenerator table header 02 keypairgenerator table header 03 signature table header 04 cipher table header 05 keyagreement table header 06 keyfactory table header 07 keysafe table header 08 mac table header 09 messagedigest table header 10 securerandom

AESWrap

Y

Arcfour

8, 16 to 2048

Y1

Y1

CAST256

128, 192, 256

Y1

Y1

DES

64

Y1

Y1

DESede

192

Y

Y

DES2

128

Y

Y

DESedeWrap

Y

DH

Y

Y

Y

DSA

1024

Y

Y

ECDH

Y

Y

Y

ECDHwithSHA1KDF

Y

ECDHwithSHA224KDF

Y

ECDHwithSHA256KDF

Y

ECDHwithSHA384KDF

Y

ECDHwithSHA512KDF

Y

ECDSA

Y

Y

EdDSA

256

Y1

Y1

Ed25519

256

Y1

Y1

Ed25519ph

Y1

HmacMD5

Y1

Y1

HmacRIPEMD160

8, 16 to 2048

Y1

Y1

HmacSHA1

8, 16 to 2048

Y

Y

HmacSHA224

8, 16 to 2048

Y

Y

HmacSHA256

8, 16 to 2048

Y

Y

HmacSHA384

8, 16 to 2048

Y

Y

HmacSHA512

8, 16 to 2048

Y

Y

HmacTiger

8, 16 to 2048

Y1

Y1

MD5

Y1

MD5andSHA1withRSA

Y

MD5withRSA

Y

nCipher.sworld

Y

Rijndael

Y

Y

RawRSA

Y

RIPEMD160

Y1

RIPEMD160withRSA

Y1

RIPEMD160withRSAandMGF1

322+

Y1

RNG

Y

RSA

512+

Y

Y

Y

SHA1

Y

SHA1withDSA

Y

SHA1withECDSA

Y

SHA1withRSA

Y

SHA1withRSAandMGF1

322+

Y

SHA224

Y

SHA224withDSA

Y

SHA224withECDSA

Y

SHA224withRSA

Y

SHA224withRSAandMGF1

450+

Y

SHA256

Y

SHA256withDSA

Y

SHA256withECDSA

Y

SHA256withRSA

Y

SHA256withRSAandMGF1

514+

Y

SHA384

Y

SHA384withDSA

Y

SHA384withECDSA

Y

SHA384withRSA

Y

SHA384withRSAandMGF1

770+

Y

SHA512

Y

SHA512withDSA

Y

SHA512withECDSA

Y

SHA512withRSA

Y

SHA512withRSAand MGF1

1026+

Y

Tiger

8, 16 to 256

Y

Y

Y1

In the table above, annotations with the following numbers indicate:

1 These algorithms are not supported in FIPS 140 Level 3 Security Worlds.