Available Functions

Overview

The module’s firmware automatically detects which algorithms it supports. These algorithms are advertised when the provider first starts up. The provider conservatively advertises only those mechanisms that are supported by all installed modules in the system.

Certain algorithms are not supported in older firmware versions. We recommend upgrading your module to the latest firmware version appropriate for your environment.

Supported Algorithms and Modes

The following table indicates the available cipher modes for each cipher.

Supported Cipher Modes
Cipher	CBC	CFB	CTR	ECB	OFB	GCM
AESWrap				X
ArcFour
CAST256	X	X	X	X	X
DES2	X	X	X	X	X
DES	X	X	X	X	X
DESede	X	X	X	X	X
DESedeWrap	X
ECIES¹
Rijndael	X	X	X	X	X	X
RSA				X

The annotation ¹ in the Supported Cipher Modes table indicates ciphers that support key wrap and unwrap only.

Supported Padding Types

The following table indicates the available padding types for each cipher.

Supported Padding Types
Cipher	ANSI X9.23	ISO 10126	ISO 7816	None	OAEP	PKCS #5	Zero byte
AESWrap				X
ArcFour
CAST256	X	X	X	X		X	X
DES2	X	X	X	X		X	X
DES	X	X	X	X		X	X
DESede	X	X	X	X		X	X
DESedeWrap				X
ECIES¹
Rijndael	X	X	X	X		X	X
RSA				X	X

The annotation ¹ in the Supported Padding Types table indicates ciphers that support key wrap and unwrap only.

Key Sizes and Supported Functions

The tables in this section categorizes algorithms by their primary function and indicate which functions are supported for each algorithm. These categories include:

Symmetric Encryption Algorithms
Asymmetric Encryption Algorithms
Key Agreement Algorithms
Digital Signature Algorithms
Message Authentication Code (MAC) Algorithms
Cryptographic Hash Functions (Message Digests)
Secure Random Number Generators
Miscellaneous/Provider-Specific/Non-Cryptographic Entries

Each table also includes a Key Length column (measured in bits) for generation and signing operations, indicating the supported key sizes for each algorithm.

The Available Functions table below defines the abbreviations used in the upcoming tables to indicate which functions are supported for each algorithm.

Available Functions
Code	Description
KG	Key Generator
KPG	Key Pair Generator
SIG	Signature
CIP	Cipher
KA	Key Agreement
KF	Key Factory
MAC	Message Authentication Code
MD	Message Digest
RNG	Secure Random Number Generator

Symmetric Encryption Algorithms (Block and Stream Ciphers)

The Symmetric Encryption Algorithms table below lists algorithms that provide confidentiality using a shared secret key.

Symmetric Encryption Algorithms
Algorithm	Key Length	KG	CIP
AESWrap			Y
Arcfour	8, 16 to 2048	Y¹	Y¹
CAST256	128, 192, 256	Y¹	Y¹
DES	64	Y¹	Y¹
DESede	192	Y	Y
DES2	128	Y	Y
DESedeWrap			Y
Rijndael		Y	Y

The annotation ¹ indicates algorithms that are not supported in FIPS 140 Level 3 Security Worlds.

Asymmetric Encryption Algorithms (Public-Key Ciphers)

The Asymmetric Encryption Algorithms table below lists algorithms that support encryption and decryption using public and private keys.

Asymmetric Encryption Algorithms
Algorithm	Key Length	KG	KPG	SIG	CIP	KA	KF	MAC	MD	RNG
RSA	512+		Y		Y		Y
RawRSA				Y

Key Agreement Algorithms

The Key Agreement Algorithms table below lists algorithms that establish shared secrets between parties.

Key Agreement Algorithms
Algorithm	KPG	KA	KF
DH	Y	Y	Y
ECDH	Y	Y	Y
ECDHwithSHA1KDF		Y
ECDHwithSHA224KDF		Y
ECDHwithSHA256KDF		Y
ECDHwithSHA384KDF		Y
ECDHwithSHA512KDF		Y

Digital Signature Algorithms

The Digital Signature Algorithms table below lists algorithms that provide authentication, integrity, and non-repudiation.

Digital Signature Algorithms
Algorithm	Key Length	KPG	SIG	KF
DSA	1024	Y		Y
ECDSA		Y		Y
EdDSA	256	Y		Y
Ed25519	256	Y	Y
Ed25519ph			Y
Ed448	456	Y	Y
Ed448ph			Y
MD5andSHA1withRSA			Y
MD5withRSA			Y
RIPEMD160withRSA			Y¹
RIPEMD160withRSAandMGF1	322+		Y¹
SHA1withDSA			Y
SHA1withECDSA			Y
SHA1withRSA			Y
SHA1withRSAandMGF1	322+		Y
SHA224withDSA			Y
SHA224withECDSA			Y
SHA224withRSA			Y
SHA224withRSAandMGF1	450+		Y
SHA256withDSA			Y
SHA256withECDSA			Y
SHA256withRSA			Y
SHA256withRSAandMGF1	514+		Y
SHA384withDSA			Y
SHA384withECDSA			Y
SHA384withRSA			Y
SHA384withRSAandMGF1	770+		Y
SHA512withDSA			Y
SHA512withECDSA			Y
SHA512withRSA			Y
SHA512withRSAand MGF1	1026+		Y

The annotation ¹ indicates algorithms that are not supported in FIPS 140 Level 3 Security Worlds.

Message Authentication Code (MAC) Algorithms

The MAC Algorithms table below lists algorithms that provide integrity and authenticity using a shared secret.

MAC Algorithms
Algorithm	Key Length	KG	MAC
HmacMD5		Y¹	Y¹
HmacRIPEMD160	8, 16 to 2048	Y¹	Y¹
HmacSHA1	8, 16 to 2048	Y	Y
HmacSHA224	8, 16 to 2048	Y	Y
HmacSHA256	8, 16 to 2048	Y	Y
HmacSHA384	8, 16 to 2048	Y	Y
HmacSHA512	8, 16 to 2048	Y	Y
HmacTiger	8, 16 to 2048	Y¹	Y¹

The annotation ¹ indicates algorithms that are not supported in FIPS 140 Level 3 Security Worlds.

Cryptographic Hash Functions (Message Digests)

The Cryptographic Hash Functions table below lists algorithms that produce fixed-size digests for integrity checks.

Cryptographic Hash Functions
Algorithm	Key Length	KG	CIP	MD
MD5				Y¹
RIPEMD160				Y¹
SHA1				Y
SHA224				Y
SHA256				Y
SHA384				Y
SHA512				Y
Tiger	8, 16 to 256	Y	Y	Y¹

The annotation ¹ indicates algorithms that are not supported in FIPS 140 Level 3 Security Worlds.

Secure Random Number Generators

The Secure Random Number Generators table below lists algorithms that generate cryptographically secure randomness.

Secure Random Number Generators
Algorithm	Key Length	KG	KPG	SIG	CIP	KA	KF	MAC	MD	RNG
RNG										Y

Miscellaneous/Provider-Specific/Non-Cryptographic Entries

The Miscellaneous/Provider-Specific/Non-Cryptographic Entries table below lists entries that do not represent standalone cryptographic algorithms or are provider-specific identifiers.

Miscellaneous/Provider-Specific/Non-Cryptographic Entries
Algorithm	Key Length	KG	KPG	SIG	CIP	KA	KF	MAC	MD	RNG
nCipher.sworld