Mechanisms
The following table lists the mechanisms currently supported by the nShield PKCS #11 library and the functions available to each one. Entrust also provides vendor-supplied mechanisms, described in Vendor-defined mechanisms.
Some mechanisms may be restricted from use in Security Worlds conforming to FIPS 140 Level 3. See the User Guide for your HSM for more information. |
Mechanism | Encrypt & Decrypt | Sign & Verify | SR & VR | Digest | Gen. Key/Key Pair | Wrap & Unwrap | Derive Key |
---|---|---|---|---|---|---|---|
|
— |
— |
— |
— |
— |
— |
Y |
|
Y |
— |
— |
— |
— |
Y |
— |
|
Y |
— |
— |
— |
— |
Y1 |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
Y |
— |
— |
— |
— |
X |
— |
|
— |
— |
— |
— |
— |
— |
Y |
|
Y |
— |
— |
— |
— |
Y1 |
— |
|
Y |
— |
— |
— |
— |
Y13 |
— |
|
— |
— |
— |
— |
Y |
— |
— |
|
— |
— |
— |
— |
— |
Y |
— |
|
Y |
— |
— |
— |
— |
Y |
— |
|
Y |
— |
— |
— |
— |
Y |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
— |
— |
— |
— |
— |
Y3 |
|
— |
— |
— |
— |
— |
— |
Y |
|
Y |
— |
— |
— |
— |
Y |
— |
|
Y |
— |
— |
— |
— |
Y |
— |
|
— |
— |
— |
— |
— |
— |
Y |
|
Y |
— |
— |
— |
— |
Y |
— |
|
— |
— |
— |
— |
Y |
— |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
— |
— |
— |
Y |
— |
— |
|
— |
— |
— |
— |
— |
— |
Y |
|
Y |
— |
— |
— |
— |
Y |
— |
|
Y |
— |
— |
— |
— |
Y1 |
— |
|
— |
— |
— |
— |
— |
— |
Y |
|
Y |
— |
— |
— |
— |
Y1 |
— |
|
— |
— |
— |
— |
Y |
— |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
— |
— |
— |
— |
— |
Y |
|
— |
— |
— |
— |
Y |
— |
— |
|
— |
— |
— |
— |
Y |
— |
— |
|
— |
— |
— |
— |
Y |
— |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
Y4 |
— |
— |
— |
— |
— |
|
— |
— |
— |
— |
Y5 |
— |
— |
|
— |
— |
— |
— |
Y6 |
— |
— |
|
— |
— |
— |
— |
Y5 |
— |
— |
|
— |
— |
— |
— |
— |
— |
Y7 |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
— |
— |
— |
— |
— |
|
|
— |
Y4 |
— |
— |
— |
— |
— |
|
— |
— |
— |
— |
Y |
— |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
— |
— |
Y |
— |
— |
— |
|
— |
— |
— |
— |
— |
Y9 |
— |
|
— |
— |
— |
— |
Y |
— |
— |
|
— |
— |
— |
— |
— |
— |
|
|
— |
— |
— |
— |
— |
— |
|
|
— |
— |
— |
— |
— |
— |
|
|
— |
— |
— |
— |
— |
— |
Y |
|
— |
— |
— |
— |
Y |
— |
— |
|
— |
— |
— |
— |
Y |
— |
— |
|
— |
— |
— |
— |
Y |
— |
— |
|
— |
— |
— |
— |
— |
— |
|
|
— |
— |
— |
— |
— |
— |
|
|
— |
— |
— |
— |
— |
— |
|
|
— |
— |
— |
— |
— |
— |
Y |
|
— |
— |
— |
— |
Y |
— |
— |
|
— |
— |
— |
— |
Y |
— |
— |
|
— |
— |
— |
— |
Y |
— |
— |
|
— |
— |
— |
Y |
— |
— |
— |
|
— |
Y4 |
Y4 |
— |
— |
— |
— |
|
— |
— |
— |
— |
— |
Y14 |
— |
|
— |
— |
— |
— |
Y |
— |
— |
|
Y |
— |
— |
— |
— |
Y |
— |
|
Y |
Y |
— |
— |
— |
— |
— |
|
Y4 |
Y4 |
Y4 |
— |
— |
Y |
— |
|
Y4 |
Y4 |
Y4 |
— |
— |
X |
— |
|
— |
— |
— |
— |
Y |
— |
— |
|
— |
Y10 |
— |
— |
— |
— |
— |
|
— |
Y10 |
— |
— |
— |
— |
— |
|
— |
— |
— |
Y |
— |
— |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
Y10 |
— |
— |
— |
— |
— |
|
— |
Y10 |
— |
— |
— |
— |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
— |
— |
Y |
— |
— |
— |
|
— |
Y10 |
— |
— |
— |
— |
— |
|
— |
Y10 |
— |
— |
— |
— |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
— |
— |
Y |
— |
— |
— |
|
— |
Y10 |
— |
— |
— |
— |
— |
|
— |
Y10 |
— |
— |
— |
— |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
— |
— |
Y |
— |
— |
— |
|
— |
Y10 |
— |
— |
— |
— |
— |
|
— |
Y10 |
— |
— |
— |
— |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
— |
— |
Y |
— |
— |
— |
|
— |
— |
— |
Y |
— |
— |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
— |
— |
Y |
— |
— |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
— |
— |
Y |
— |
— |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
— |
— |
Y |
— |
— |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
Y |
— |
— |
— |
— |
— |
|
— |
— |
— |
— |
— |
— |
Y12 |
The nShield library supports some mechanisms that are defined in versions of the PKCS #11 standard later than 2.01, although the nShield library does not fully support versions of the PKCS #11 standard later than 2.01.
In the table above:
-
Empty cells indicate mechanisms that are not supported by the PKCS #11 standard.
-
The entry Y indicates that a mechanism is supported by the nShield PKCS #11 library.
-
The entry X indicates that a mechanism is not supported by the nShield PKCS #11 library.
In the table above, annotations with the following numbers indicate:
Footnote 3
Before you can create a key for use with the derive mechanism CKM_CONCATENATE_BASE_AND_KEY
, you must specify the CKA_ALLOWED_MECHANISMS
attribute in the template with the CKM_CONCATENATE_BASE_AND_KEY
set.
Specifying the CKA_ALLOWED_MECHANISMS
in the template enables the setting of the nCore level ACL, which enables the key in this derive key operation.
For more information about the CKA_ALLOWED_MECHANISMS
attribute, see Attributes.
Footnote 6
If no capabilities are specified in the template, for example the CKA_DERIVE
, CKA_SIGN
and CKA_UNWRAP
attributes are omitted, then the default capability is sign/verify.
Key generation does calculate its own curves but, as shown in the PKCS #11 standard, takes the CKA_PARAMS
, which contains the curve information (similar to that of a discrete logarithm group in the generation of a DSA key pair).
CKA_EC_PARAMS
is a Byte array which is DER-encoded of an ANSI X9.62 Parameters value.
It can take both named curves and custom curves.
The following PKCS #11-specific flags describe which curves are supported:
-
CKF_EC_P
: prime curve supported -
CKF_EC_2M
: binary curve supported -
CKF_EC_PARAMETERS
: supplying your own custom parameters is supported -
CKF_EC_NAMECURVE
: supplying a named curve is supported -
CKF_EC_UNCOMPRESS
: supports uncompressed form only, compressed form not supported.
Footnote 7
The CKM_ECDH1_DERIVE
mechanism is supported.
However, the mechanism only takes a CK_ECDH1_DERIVE_PARAMS
struct in which CK_EC_KDF_TYPE
can be one of the following:
-
CKD_NULL
-
CKD_SHA1_KDF
,CKD_SHA1_KDF_SP800
-
CKD_SHA224_KDF
,CKD_SHA224_KDF_SP800
-
CKD_SHA256_KDF
,CKD_SHA256_KDF_SP800
-
CKD_SHA384_KDF
,CKD_SHA384_KDF_SP800
-
CKD_SHA512_KDF
,CKD_SHA512_KDF_SP800
For more information on CK_ECDH1_DERIVE_PARAMS
, see the PKCS #11 standard.
For the pPublicData*
parameter, a raw octet string value (as defined in section A.5.2 of ANSI X9.62) and DER-encoded ECPoint value (as defined in section E.6 of ANSI X9.62 or, in the case of CKK_EC_MONTGOMERY
, RFC 7748) are now accepted.
Footnote 8
Both the Ed25519
and Ed25519ph
signature schemes are supported, The Ed25519
scheme requires either no CK_EDDSA_PARAMS
to be passed or if it is passed it should have the following set:
-
phFlag
toCK_FALSE
-
ulContextDataLen
to0
.
The Ed25519ph
signature scheme requires CK_EDDSA_PARAMS
to have the following set:
-
phFlag
toCK_TRUE
-
ulContextDataLen
to0
.
Footnote 10
This mechanism depends on the vendor-defined key generation mechanism CKM_NC_SHA_1_HMAC_KEY_GEN
, CKM_NC_SHA224_HMAC_KEY_GEN
, CKM_NC_SHA256_HMAC_KEY_GEN
, CKM_NC_SHA384_HMAC_KEY_GEN
, or CKM_NC_SHA512_HMAC_KEY_GEN
.
For more information, see Vendor-defined mechanisms.
Footnote 11
The hashAlg
and the mgf
that are specified by the CK_RSA_PKCS_PSS_PARAMS
must have the same SHA hash size.
If they do not have the same hash size, then the signing or verify fails with a return value of CKR_MECHANISM_PARAM_INVALID
.
The sLen
value is expected to be the length of the message hash.
If this is not the case, then the signing or verify again fails with a return value of CKR_MECHANISM_PARAM_INVALID
.
The Security World Software implementation of RSA_PKCS_PSS
salt lengths are as follows:
Mechanism | Salt-length |
---|---|
SHA-1 |
160-bit |
SHA-224 |
224-bit |
SHA-256 |
256-bit |
SHA-384 |
384-bit |
SHA-512 |
512-bit |
SHA3-224 |
224-bit |
SHA3-256 |
256-bit |
SHA3-384 |
384-bit |
SHA3-512 |
512-bit |
Footnote 12
The base key and the derived key are restricted to DES
, DES3
, CAST5
or Generic
, though they may be of different types.
Footnote 13
For wrap and unwrap with CKM_AES_GCM
, the IV
supplied in the CKM_GCM_PARAMS
structure must be 12 bytes. For wrap the IV must be all zeroes. This will be overwritten by the actual value used when the wrap command has completed successfully. For unwrap the IV
must be the value returned by the corresponding wrap.
Footnote 14
In order to create an unwrapping key for use with the mechanism CKM_RSA_AES_KEY_WRAP
where CKA_UNWRAP_TEMPLATE
is also set, you must:
-
Specify the
CKA_ALLOWED_MECHANISMS
attribute in the template withCKM_RSA_AES_KEY_WRAP
set as an allowed mechanism. -
Override the Security Assurance Mechanisms (SAMs) to permit use of
CKA_UNWRAP_TEMPLATE
with the mechanismCKM_RSA_AES_KEY_WRAP
.
Specifying the CKA_ALLOWED_MECHANISMS
attribute in the template and overriding the SAMs enables use of the CKA_UNWRAP_TEMPLATE
attribute with the unwrapping key.
Keys with CKA_WRAP_WITH_TRUSTED
set cannot be wrapped with the mechanism CKM_RSA_AES_KEY_WRAP
. The C_WrapKey
operation will return CKR_KEY_NOT_WRAPPABLE
for such keys.
For more information about the SAMs, see PKCS #11 security assurance mechanism. For more information about the CKA_ALLOWED_MECHANISMS
attribute, see Attributes.