All Products
Search

This Product

    Cloud Hardware Security Module (HSM):Supported mechanisms

    Document Center

    Cloud Hardware Security Module (HSM):Supported mechanisms

    Last Updated:Apr 08, 2021

    This topic describes the supported secure random algorithms, key types, message digests, MAC/HMAC algorithms, maximum encryption and decryption lengths, and signatures by the JCE Provider.

    Supported secure random algorithms

    Algorithm

    Size

    AES-CTR-DRBG (FIPS compliant)

    The AES-CTR-DRBG secure random algorithm can generate up to 8000 bytes of random number within the HSM for each API call.

    Supported key types

    Algorithm

    Supported Size (bits)

    AES

    128, 192, 256 (default)

    RSA key pairs

    2048, 2304, 2560, 2816,3072, 3328, 3584, 3840,4096 (default)

    Triple DES (DESede)

    192

    EC key pairs

    NIST P256NIST P384 (No default value because the key must be constructed using a standard name.)

    XDH key pairs

    X25519

    ECC curve

    secp256k1

    HMAC

    HmacSHA1, HmacSHA224, HmacSHA256, HmacSHA384, HmacSHA512

    Supported message digests

    Digest name

    AES-CMAC

    SHA-1

    SHA-224

    SHA-256

    SHA-384

    SHA-512

    Supported MAC/HMAC algorithms

    Algorithm

    JCA name

    HmacSHA1

    HmacSHA1, Hmac128SHA1

    HmacSHA224

    HmacSHA224, Hmac128SHA224

    HmacSHA256

    HmacSHA256, Hmac128SHA256

    HmacSHA384

    HmacSHA384, Hmac256SHA384

    HmacSHA512

    HmacSHA512, Hmac256SHA512

    AESCMAC

    AESCMAC

    Supported maximum encryption and decryption lengths

    Algorithm

    Encryption Maximum Length

    Decryption Maximum Length

    AES-CBC

    No max limit

    No max limit

    AES-CCM

    16000 bytes

    16000 bytes

    AES-CTR

    No max limit

    No max limit

    AES-ECB

    No max limit

    No max limit

    AES-GCM

    16000 bytes

    16000 bytes

    DESede-CBC

    No max limit

    No max limit

    DESede-ECB

    No max limit

    No max limit

    Supported signatures

    Algorithm

    Signatures

    JCA name

    EC

    NONE with ECDSA

    NONEwithECDSA

    SHA1 with ECDSA

    SHA1withECDSA

    SHA224 with ECDSA

    SHA224withECDSA

    SHA256 with ECDSA

    SHA256withECDSA

    SHA384 with ECDSA

    SHA384withECDSA

    SHA512 with ECDSA

    SHA512withECDSA

    RSA/PKCS1.5

    NONEwithRSA

    NONEwithRSA

    SHA1 with RSA

    SHA1withRSA

    SHA224 with RSA

    SHA224withRSA

    SHA256 with RSA

    SHA256withRSA

    SHA384 with RSA

    SHA384withRSA

    SHA512 with RSA

    SHA512withRSA

    PSS

    PSS SHA1 with RSA

    SHA1withRSA/PSS SHA1withRSAandMGF1

    PSS SHA224 with RSA

    SHA224withRSA/PSS SHA224withRSAandMGF1

    PSS SHA256 with RSA

    SHA256withRSA/PSS SHA256withRSAandMGF1

    PSS SHA384 with RSA

    SHA384withRSA/PSS SHA384withRSAandMGF1

    PSS SHA512 with RSA

    SHA512withRSA/PSS SHA512withRSAandMGF1