All Products
Search
Document Center

Supported mechanisms

Last Updated: Apr 08, 2021

This topic describes the supported secure random algorithms, key types, message digests, MAC/HMAC algorithms, maximum encryption and decryption lengths, and signatures by the JCE Provider.

Supported secure random algorithms

Algorithm

Size

AES-CTR-DRBG (FIPS compliant)

The AES-CTR-DRBG secure random algorithm can generate up to 8000 bytes of random number within the HSM for each API call.

Supported key types

Algorithm

Supported Size (bits)

AES

128, 192, 256 (default)

RSA key pairs

2048, 2304, 2560, 2816,3072, 3328, 3584, 3840,4096 (default)

Triple DES (DESede)

192

EC key pairs

NIST P256NIST P384 (No default value because the key must be constructed using a standard name.)

XDH key pairs

X25519

ECC curve

secp256k1

HMAC

HmacSHA1, HmacSHA224, HmacSHA256, HmacSHA384, HmacSHA512

Supported message digests

Digest name

AES-CMAC

SHA-1

SHA-224

SHA-256

SHA-384

SHA-512

Supported MAC/HMAC algorithms

Algorithm

JCA name

HmacSHA1

HmacSHA1, Hmac128SHA1

HmacSHA224

HmacSHA224, Hmac128SHA224

HmacSHA256

HmacSHA256, Hmac128SHA256

HmacSHA384

HmacSHA384, Hmac256SHA384

HmacSHA512

HmacSHA512, Hmac256SHA512

AESCMAC

AESCMAC

Supported maximum encryption and decryption lengths

Algorithm

Encryption Maximum Length

Decryption Maximum Length

AES-CBC

No max limit

No max limit

AES-CCM

16000 bytes

16000 bytes

AES-CTR

No max limit

No max limit

AES-ECB

No max limit

No max limit

AES-GCM

16000 bytes

16000 bytes

DESede-CBC

No max limit

No max limit

DESede-ECB

No max limit

No max limit

Supported signatures

Algorithm

Signatures

JCA name

EC

NONE with ECDSA

NONEwithECDSA

SHA1 with ECDSA

SHA1withECDSA

SHA224 with ECDSA

SHA224withECDSA

SHA256 with ECDSA

SHA256withECDSA

SHA384 with ECDSA

SHA384withECDSA

SHA512 with ECDSA

SHA512withECDSA

RSA/PKCS1.5

NONEwithRSA

NONEwithRSA

SHA1 with RSA

SHA1withRSA

SHA224 with RSA

SHA224withRSA

SHA256 with RSA

SHA256withRSA

SHA384 with RSA

SHA384withRSA

SHA512 with RSA

SHA512withRSA

PSS

PSS SHA1 with RSA

SHA1withRSA/PSS SHA1withRSAandMGF1

PSS SHA224 with RSA

SHA224withRSA/PSS SHA224withRSAandMGF1

PSS SHA256 with RSA

SHA256withRSA/PSS SHA256withRSAandMGF1

PSS SHA384 with RSA

SHA384withRSA/PSS SHA384withRSAandMGF1

PSS SHA512 with RSA

SHA512withRSA/PSS SHA512withRSAandMGF1