All Products
Search
Document Center

Mechanisms

Last Updated: Jan 08, 2021

The PKCS #11 library supports the following algorithms:

  • Encryption and decryption: AES-CBC, AES-CTR, AES-ECB, AES-GCM, DES3-CBC, DES3-ECB, RSA-OAEP, and RSA-PKCS

  • Sign and verify: RSA, HMAC, and ECDSA; with and without hashing

  • Hash/digest: SHA1, SHA224, SHA256, SHA384, and SHA512

  • Key wrap: AES Key Wrap, AES-GCM, RSA-AES, and RSA-OAEP

  • Key derivation: ECDH

Supported key generation mechanisms

  • CKM_GENERIC_SECRET_KEY_GEN

  • CKM_DES3_KEY_GEN

  • CKM_AES_KEY_GEN

  • CKM_RSA_PKCS_KEY_PAIR_GEN

  • CKM_EC_KEY_PAIR_GEN

Supported sign and verify mechanisms

  • CKM_SHA1_RSA_PKCS

  • CKM_SHA224_RSA_PKCS

  • CKM_SHA256_RSA_PKCS

  • CKM_SHA384_RSA_PKCS

  • CKM_SHA512_RSA_PKCS

  • CKM_RSA_PKCS_PSS

  • CKM_SHA1_RSA_PKCS_PSS

  • CKM_SHA224_RSA_PKCS_PSS

  • CKM_SHA256_RSA_PKCS_PSS

  • CKM_SHA384_RSA_PKCS_PSS

  • CKM_SHA512_RSA_PKCS_PSS

  • CKM_ECDSA

  • CKM_ECDSA_SHA1

  • CKM_ECDSA_SHA224

  • CKM_ECDSA_SHA256

  • CKM_ECDSA_SHA384

  • CKM_ECDSA_SHA512

  • CKM_SHA_1_HMAC

  • CKM_SHA224_HMAC

  • CKM_SHA256_HMAC

  • CKM_SHA384_HMAC

  • CKM_SHA512_HMAC

Supported digest mechanisms

  • CKM_SHA_1

  • CKM_SHA224

  • CKM_SHA256

  • CKM_SHA384

  • CKM_SHA512

Supported encrypt and decrypt mechanisms

  • CKM_DES3_CBC

  • CKM_DES3_CBC_PAD

  • CKM_DES3_ECB

  • CKM_AES_CBC

  • CKM_AES_CBC_PAD

  • CKM_AES_ECB

  • CKM_AES_CTR

  • CKM_AES_GCM

  • CKM_CLOUDHSM_AES_GCM

  • CKM_AES_KEY_WRAP

  • CKM_AES_KEY_WRAP_PAD

  • CKM_AES_KEY_WRAP_NO_PAD

  • CKM_AES_KEY_WRAP_PKCS5_PAD

  • CKM_RSA_PKCS

  • CKM_RSA_PKCS_OAEP

Supported derive key mechanisms

  • CKM_ECDH1_DERIVE

Supported wrap and unwrap mechanisms

  • CKM_AES_GCM

  • CKM_CLOUDHSM_AES_GCM

  • CKM_AES_KEY_WRAP

  • CKM_AES_KEY_WRAP_PAD

  • CKM_AES_KEY_WRAP_NO_PAD

  • CKM_AES_KEY_WRAP_PKCS5_PAD

  • CKM_RSA_AES_KEY_WRAP

  • CKM_DES3_NIST_WRAP

  • CKM_RSA_PKCS

  • CKM_RSA_PKCS_OAEP