This topic describes algorithms supported by the PKCS #11 library and the mechanisms for encryption, decryption, and signing and verification.
Supported algorithms
Encryption and decryption: AES-CBC, AES-CTR, AES-ECB, AES-GCM, DES3-CBC, DES3-ECB, RSA-OAEP, and RSA-PKCS
Signing and verification: RSA, HMAC, and ECDSA
Hash/Digest: SHA1, SHA224, SHA256, SHA384, and SHA512
Key wrapping: AES Key Wrap, AES-GCM, RSA-AES, and RSA-OAEP
Key export: ECDH
Supported key generation mechanisms
CKM_GENERIC_SECRET_KEY_GEN
CKM_DES3_KEY_GEN
CKM_AES_KEY_GEN
CKM_RSA_PKCS_KEY_PAIR_GEN
CKM_EC_KEY_PAIR_GEN
Supported signing and verification mechanisms
CKM_SHA1_RSA_PKCS
CKM_SHA224_RSA_PKCS
CKM_SHA256_RSA_PKCS
CKM_SHA384_RSA_PKCS
CKM_SHA512_RSA_PKCS
CKM_RSA_PKCS_PSS
CKM_SHA1_RSA_PKCS_PSS
CKM_SHA224_RSA_PKCS_PSS
CKM_SHA256_RSA_PKCS_PSS
CKM_SHA384_RSA_PKCS_PSS
CKM_SHA512_RSA_PKCS_PSS
CKM_ECDSA
CKM_ECDSA_SHA1
CKM_ECDSA_SHA224
CKM_ECDSA_SHA256
CKM_ECDSA_SHA384
CKM_ECDSA_SHA512
CKM_SHA_1_HMAC
CKM_SHA224_HMAC
CKM_SHA256_HMAC
CKM_SHA384_HMAC
CKM_SHA512_HMAC
Supported digest mechanisms
CKM_SHA_1
CKM_SHA224
CKM_SHA256
CKM_SHA384
CKM_SHA512
Supported encryption and decryption mechanisms
CKM_DES3_CBC
CKM_DES3_CBC_PAD
CKM_DES3_ECB
CKM_AES_CBC
CKM_AES_CBC_PAD
CKM_AES_ECB
CKM_AES_CTR
CKM_AES_GCM
CKM_CLOUDHSM_AES_GCM
CKM_AES_KEY_WRAP
CKM_AES_KEY_WRAP_PAD
CKM_AES_KEY_WRAP_NO_PAD
CKM_AES_KEY_WRAP_PKCS5_PAD
CKM_RSA_PKCS
CKM_RSA_PKCS_OAEP
Supported key derivation mechanisms
CKM_ECDH1_DERIVE
Supported wrapping and unwrapping mechanisms
CKM_AES_GCM
CKM_CLOUDHSM_AES_GCM
CKM_AES_KEY_WRAP
CKM_AES_KEY_WRAP_PAD
CKM_AES_KEY_WRAP_NO_PAD
CKM_AES_KEY_WRAP_PKCS5_PAD
CKM_RSA_AES_KEY_WRAP
CKM_DES3_NIST_WRAP
CKM_RSA_PKCS
CKM_RSA_PKCS_OAEP