Asymmetric Algorithms and Mechanisms

In the following table, "Unrestricted", "FIPS 140 Level 3", and "Common Criteria CMTS" refer to the Security World mode designation. The cells in these columns detail any restrictions for the corresponding feature in each of the Security World modes. A blank cell means that the feature has no restrictions.

FIPS 140 Level 3: In v3 Security Worlds, in FIPS 140 Level 3 mode, some smaller key sizes are disabled.

Diffie-Hellman Key Agreement

| Algorithm | FIPS approved in a v1 or v2 Security World | FIPS approved in a v3 Security World | Key type | Supported by generatekey |
|---|---|---|---|---|
| Diffie-Hellman | Y | Y | DH or DHEx | Y |
| ElGamal | Y | Y | DH | Y |

Feature Unrestricted FIPS 140 Level 3 Common Criteria CMTS

DHPrivate key generation
(KeyType_DHPrivate)

Forbidden

DHPrivate default size

1024/160

2048/224

1024/160

DHPrivate key agreement
(Mech_DHKeyExchange)

Forbidden
(including DLIES)

DHExPrivate key generation
(KeyType_DHExPrivate)

DHExPrivate domain parameters

Restricted as per SP800-56Ar3

DHExPrivate key generation minimum size

2048/224 minimum
if |p|=3072, |q|>=256.

DHExPrivate default size

2048/256

DHExPrivate key agreement minimum size

2048

DHExPrivate key agreement
(Mech_DHExKeyExchange)

Forbidden with Cmd_Decrypt
(Permitted with KDF)

ElGamal encryption/decryption
(Mech_ElGamal)

Forbidden

IEEE DLIES with ANSI X9.63 KDF
and 3DES CBC encryption
(Mech_DLIESe3DEShSHA1)

Forbidden

IEEE DLIES with ANSI X9.63 KDF
and AES CBC encryption
(Mech_DLIESeAEShSHA1)

Forbidden

IEEE DLIES with ANSI X9.63 KDF
and AES CBC encryption
(Mech_DLIESeAEShSHA1DHEx)

When a DHEx key is loaded into the module, the domain parameters are validated. If the domain parameters do not match those found in SP800-56Ar3, the validation time is significantly longer. Entrust recommends that you always use SP800-56Ar3 domain parameters.

DSA Signature

| Algorithm | FIPS approved in a v1 or v2 Security World | FIPS approved in a v3 Security World | Key type | Supported by generatekey |
|---|---|---|---|---|
| DSA | Y | Y | DSA | Y |

Feature Unrestricted FIPS 140 Level 3 Common Criteria CMTS

DSA key generation
(KeyType_DSA)

DSA key generation sizes

FIPS 186-4 sizes only;
2048 minimum

DSA signature key sizes

FIPS 186-4 sizes only;
2048/224 minimum

DSA signature hashes

RIPEMD160 & SHA-1 forbidden

Legacy DSA domain generation
(KeyType_DSAComm)

Forbidden

Legacy DSA domain generation
(KeyType_DSACommVariableSeed)

FIPS 186-4 DSA domain generation
(KeyType_DSACommFIPS186_3)

DSA SHA-1 signature
(Mech_DSA)

Forbidden

DSA SHA-2 signature
(Mech_DSAhSHA224,
Mech_DSAhSHA256,
Mech_DSAhSHA384,
Mech_DSAhSHA512)

DSA RIPEMD160 signature
(Mech_DSAhRIPMED160)

Forbidden

RSA Signature/Encryption

| Algorithm | FIPS approved in a v1 or v2 Security World | FIPS approved in a v3 Security World | Key type | Supported by generatekey |
|---|---|---|---|---|
| RSA | Y | Y | RSA | Y |

Feature Unrestricted FIPS 140 Level 3 Common Criteria CMTS

RSA key generation
(KeyType_RSAPrivate)

Strong primes always on [1]

RSA key generation public modulus size

2048 minimum;
multiple of 2

RSA key generation rules (<1024)

FIPS 186-4 B.3.6

Forbidden

FIPS 186-4 B.3.6

RSA key generation rules (>=1024)

FIPS 186-4 B.3.6

RSA key generation/import public exponent

16-256 bits

RSA signature key sizes

2048 minimum

RSA signature hashes

RIPEMD160 & SHA-1 forbidden

RSA raw encryption/decryption
(any RSA mech with bignum plaintext)

Forbidden with Mech_RSApPKCS1
(pPKCS11), permitted otherwise

RSA PKCS#1 encryption/decryption
(Mech_RSApPKCS1,
Mech_RSApPKCS1pPKCS11 with bytes plaintext)

Forbidden

RSA raw sign/verify
(any RSA mech with bignum plaintext)

Forbidden with Mech_RSApPKCS1
(pPKCS11), permitted otherwise

RSA PKCS#1 any-hash signature
(Mech_RSApPKCS1,
Mech_RSApPKCS1pPKCS11 with bytes/hash plaintext)

Forbidden

RSA PKCS#1 SHA-1 signature
(Mech_RSApPKCS1,
Mech_RSAhSHA1pPKCS1 with bytes/hash plaintext)

Forbidden

RSA PKCS#1 SHA-2 signature
(Mech_RSAhSHA224pPKCS1,
Mech_RSAhSHA256PKCS1,
Mech_RSAhSHA384pPKCS1,
Mech_RSAhSHA512pPKCS1 with bytes/hash plaintext)

RSA PKCS#1 SHA-3 signature
(Mech_RSAhSHA3b224pPKCS1,
Mech_RSAhSHA3b256PKCS1,
Mech_RSAhSHA3b384pPKCS1,
Mech_RSAhSHA3b512pPKCS1 with bytes/hash plaintext)

RSA PSS SHA-1 signature
(Mech_RSAhSHA1pPSS with bytes/hash plaintext)

Forbidden

RSA PSS SHA-2 signature
(Mech_RSAhSHA224pPSS,
Mech_RSAhSHA256pPSS,
Mech_RSAhSHA384pPSS,
Mech_RSAhSHA512pPSS with bytes/hash plaintext)

RSA PSS SHA-3 signature
(Mech_RSAhSHA3b224pPSS,
Mech_RSAhSHA3b256pPSS,
Mech_RSAhSHA3b384pPSS,
Mech_RSAhSHA3b512pPSS with bytes/hash plaintext)

RSA PSS RIPEMD160 signature
(Mech_RSAhRIPMED160pPSS with bytes/hash plaintext)

Forbidden

RSA SHA-1 OAEP encryption
(Mech_RSApOAEP with bytes plaintext)

RSA SHA-2 OAEP encryption
(Mech_RSApOAEPhSHA224,
Mech_RSApOAEPhSHA256,
Mech_RSApOAEPhSHA384,
Mech_RSApOAEPhSHA512 with bytes plaintext)

RSA SHA-3 OAEP encryption
(Mech_RSApOAEPhSHA3b224,
Mech_RSApOAEPhSHA3b256,
Mech_RSApOAEPhSHA3b384,
Mech_RSApOAEPhSHA3b512 with bytes plaintext)

[1] FIPS Security Worlds always have "always use strong primes" enabled. This setting is optional for non-FIPS Security Worlds. The "strong primes" algorithm is the only FIPS-compliant RSA keygen algorithm currently offered.

Elliptic Curve Key Agreement

| Algorithm | FIPS approved in a v1 or v2 Security World | FIPS approved in a v3 Security World | Key type | Supported by generatekey |
|---|---|---|---|---|
| ECDH | Y | Y | ECDH or EC | Y |
| ECIES | N | N | ECDH or EC | N |

KeyType_ECPrivate allows a single key to be used for key establishment and signature generation, depending on the permissions in its ACL. If you require FIPS 140 compliance, then additional care must be taken to comply with the rules about using a single key for multiple purposes, such as section 5.2, General Key Management Guidance: Key Usage of SP800-57pt1r5. The HSM can help enforce these rules, for example, by placing the sign permission in a permission group with UseLim_Global (use limit) set to a maximum use count of 1.

Feature Unrestricted FIPS 140 Level 3 Common Criteria CMTS

ECC enablement

EllipticCurve feature (enabled by default from firmware V13.5 onwards)

ECC domain parameters

224 minimum; SECP256k1 forbidden;
non-named curves forbidden

ECDH key agreement
(Mech_ECDHKeyExchange)

Forbidden with Cmd_Decrypt
(Permitted with Cmd_DeriveKey)

ECDHC key agreement
(Mech_ECDHCKeyExchange)

Forbidden with Cmd_Decrypt
(Permitted with Cmd_DeriveKey)

ECDH key generation
(KeyType_ECDHPrivate,
KeyType_ECPrivate)

ECDHLax key generation
(KeyType_ECDHLaxPrivate)

Forbidden

ECDHLax key agreement
(Mech_ECDHLaxKeyExchange)

Forbidden

Elliptic Curve Signature

| Algorithm | FIPS approved in a v1 or v2 Security World | FIPS approved in a v3 Security World | Key type | Supported by generatekey |
|---|---|---|---|---|
| ECDSA | Y [1] | Y [1] | ECDSA or EC | Y |

[1] FIPS 140 approval is only for use with ECDSA keys, not with EC keys.

Feature Unrestricted FIPS 140 Level 3 Common Criteria CMTS

ECC enablement

EllipticCurve feature enabled by default from V13.5 onwards

ECC domain parameters

224 minimum; SECP256k1 forbidden;
non-named curves forbidden

ECDSA key generation
(KeyType_ECDSAPrivate, KeyType_ECPrivate)

ECDSA signature RNG

Never uses unvalidated RNG

ECDSA signature hash

RIPEMD160 & SHA-1 forbidden

ECDSA verify hash

RIPEMD160 forbidden

ECDSA SHA-1 sign
(Mech_ECDSA)

Forbidden

ECDSA SHA-1 verify
(Mech_ECDSA)

ECDSA RIPEMD160 sign/verify
(Mech_ECDSAhRIPEMD160)

Forbidden

ECDSA SHA-2 sign/verify
(Mech_ECDSAhSHA224,
Mech_ECDSAhSHA256,
Mech_ECDSAhSHA384,
Mech_ECDSAhSHA512)

ECDSA SHA-3 sign/verify
(Mech_ECDSAhSHA3b224,
Mech_ECDSAhSHA3b256,
Mech_ECDSAhSHA3b384,
Mech_ECDSAhSHA3b512)

ECDSA sign/verify GBCS mode
(Mech_ECDSAhSHA256kGBCS)

Forbidden

X25519/Curve25519 Signature/Encryption

| Algorithm | FIPS approved in a v1 or v2 Security World | FIPS approved in a v3 Security World | Key type | Supported by generatekey |
|---|---|---|---|---|
| X25519 | N | N | X25519 | Y |
| Ed25519 | N | N | Ed25519 | Y |

Feature Unrestricted FIPS 140 Level 3 Common Criteria CMTS

Ed25519 key generation
(KeyType_Ed25519Private)

Forbidden

Pure Ed25519 sign/verify
(Mech_Ed25519)

Forbidden

Prehashed Ed25519 sign/verify
(Mech_Ed25519ph)

Forbidden

Prehashed Ed25519 sign/verify with context
(Mech_Ed25519phctx)

Forbidden

X25519 key generation
(KeyType_X25519Private)

Forbidden

X25519 key agreement
(Mech_X25519KeyExchange)

Forbidden

Ed448 Signature

| Algorithm | FIPS approved in a v1 or v2 Security World | FIPS approved in a v3 Security World | Key type | Supported by generatekey |
|---|---|---|---|---|
| Ed448 | N | N | Ed448 | N |

Feature Unrestricted FIPS 140 Level 3 Common Criteria CMTS

Ed448 key generation
(KeyType_Ed448Private)

Forbidden

Pure Ed448 sign/verify
(Mech_Ed448)

Forbidden

Pure Ed448 sign/verify with context
(Mech_Ed448ctx)

Forbidden

Prehashed Ed448 sign/verify
(Mech_Ed448ph)

Forbidden

Prehashed Ed448 sign/verify with context
(Mech_Ed448phctx)

Forbidden

KCDSA Signature

| Algorithm | FIPS approved in a v1 or v2 Security World | FIPS approved in a v3 Security World | Key type | Supported by generatekey |
|---|---|---|---|---|
| KCDSA | N | N | KCDSA | N |

Feature Unrestricted FIPS 140 Level 3 Common Criteria CMTS

KCDSA enablement

KISAAlgorithms feature required

KCDSA key generation
(KeyType_KCDSAPrivate)

Forbidden

KCDSA signature
(Mech_KCDSAHASH160,
Mech_KCDSASHA1,
Mech_KCDSASHA224,
Mech_KCDSASHA256,
Mech_KCDSARIPMED160)

Forbidden

KCDSA domain generation
(KeyType_KCDSACommon)

Forbidden