List of Constants
Mechanism Information Flags
| Bit Flag | Mask | Meaning |
|---|---|---|
| CKF_HW | 0x00000001 | True if the mechanism is performed by the device; false if the mechanism is performed in software |
| CKF_ENCRYPT | 0x00000100 | True if the mechanism can be used with C_EncryptInit |
| CKF_DECRYPT | 0x00000200 | True if the mechanism can be used with C_DecryptInit |
| CKF_DIGEST | 0x00000400 | True if the mechanism can be used with C_DigestInit |
| CKF_SIGN | 0x00000800 | True if the mechanism can be used with C_SignInit |
| CKF_VERIFY | 0x00002000 | True if the mechanism can be used with C_VerifyInit. Must be false for this version. |
| CKF_GENERATE | 0x00008000 | True if the mechanism can be used with C_GenerateKey. Must be false for this version. |
| CKF_GENERATE_KEY_PAIR | 0x00010000 | True if the mechanism can be used with C_GenerateKeyPair. Must be false for this version. |
| CKF_WRAP | 0x00020000 | True if the mechanism can be used with C_WrapKey. Must be false for this version. |
| CKF_UNWRAP | 0x00040000 | True if the mechanism can be used with C_UnwrapKey. Must be false for this version. |
| CKF_EXTENSION | 0x80000000 | True if there is an extension to the flags; false if no extensions. Must be false for this version. |
Mechanisms
The following table lists which Cryptoki mechanisms (CK_MECHANISM_TYPE) are supported by different cryptographic operations.
Lines in red correspond to unsupported mechanisms.
| Functions | |||||||
|---|---|---|---|---|---|---|---|
| Mechanism | Encrypt & Decrypt | Sign & Verify | SR & VR | Digest | Gen. Key/Key Pair | Wrap & Unwrap | Derive |
| CKM_RSA_PKCS_KEY_PAIR_GEN |  |
||||||
| CKM_RSA_X9_31_KEY_PAIR_GEN |
|
||||||
| CKM_RSA_PKCS |
|
|
|
|
|||
| CKM_RSA_PKCS_OAEP |
|
|
|||||
| CKM_RSA_PKCS_PSS |
|
|
|||||
| CKM_RSA_9796 |
|
|
|||||
| CKM_RSA_X_509 |
|
|
|
||||
| CKM_RSA_X9_31 |
|
||||||
| CKM_MD2_RSA_PKCS |
|
||||||
| CKM_MD5_RSA_PKCS |
|
||||||
| CKM_SHA1_RSA_PKCS |
|
||||||
| CKM_SHA256_RSA_PKCS |
|
||||||
| CKM_SHA384_RSA_PKCS |
|
||||||
| CKM_SHA512_RSA_PKCS |
|
||||||
| CKM_RIPEMD128_RSA_PKCS |
|
||||||
| CKM_RIPEMD160_RSA_PKCS |
|
||||||
| CKM_SHA1_RSA_PKCS_PSS |
|
||||||
| CKM_SHA256_RSA_PKCS_PSS |
|
||||||
| CKM_SHA384_RSA_PKCS_PSS |
|
||||||
| CKM_SHA512_RSA_PKCS_PSS |
|
||||||
| CKM_SHA1_RSA_X9_31 |
|
||||||
| CKM_DSA_KEY_PAIR_GEN |
|
||||||
| CKM_DSA_PARAMETER_GEN |
|
||||||
| CKM_DSA |
|
||||||
| CKM_DSA_SHA1 |
|
||||||
| CKM_FORTEZZA_TIMESTAMP |
|
||||||
| CKM_EC_KEY_PAIR_GEN (CKM_ECDSA_KEY_PAIR_GEN) |
|
||||||
| CKM_ECDSA |
|
||||||
| CKM_ECDSA_SHA1 |
|
||||||
| CKM_ECDH1_DERIVE |
|
||||||
| CKM_ECDH1_COFACTOR_DERIVE |
|
||||||
| CKM_ECMQV_DERIVE |
|
||||||
| CKM_DH_PKCS_KEY_PAIR_GEN |
|
||||||
| CKM_DH_PKCS_PARAMETER_GEN |
|
||||||
| CKM_DH_PKCS_DERIVE |
|
||||||
| CKM_X9_42_DH_KEY_PAIR_GEN |
|
||||||
| CKM_X9_42_DH_PKCS_PARAMETER_GEN |
|
||||||
| CKM_X9_42_DH_DERIVE |
|
||||||
| CKM_X9_42_DH_HYBRID_DERIVE |
|
||||||
| CKM_X9_42_MQV_DERIVE |
|
||||||
| CKM_KEA_KEY_PAIR_GEN |
|
||||||
| CKM_KEA_KEY_DERIVE |
|
||||||
| CKM_GENERIC_SECRET_KEY_GEN |
|
||||||
| CKM_RC2_KEY_GEN |
|
||||||
| CKM_RC2_ECB |
|
|
|||||
| CKM_RC2_CBC |
|
|
|||||
| CKM_RC2_CBC_PAD |
|
|
|||||
| CKM_RC2_MAC_GENERAL |
|
||||||
| CKM_RC2_MAC |
|
||||||
|
CKM_RC4_KEY_GEN |
|
||||||
|
CKM_RC4 |
|
||||||
|
CKM_RC5_KEY_GEN |
|
||||||
|
CKM_RC5_ECB |
|
|
|||||
|
CKM_RC5_CBC |
|
|
|||||
|
CKM_RC5_CBC_PAD |
|
|
|||||
|
CKM_RC5_MAC_GENERAL |
|
||||||
| CKM_RC5_MAC |
|
||||||
| CKM_AES_KEY_GEN*** |
|
||||||
| CKM_AES_ECB*** |
|
|
|||||
| CKM_AES_CBC*** |
|
|
|||||
| CKM_AES_CBC_PAD*** |
|
|
|||||
| CKM_AES_MAC_GENERAL*** |
|
||||||
| CKM_AES_MAC*** |
|
||||||
| CKM_DES_KEY_GEN*** |
|
||||||
| CKM_DES_ECB*** |
|
|
|||||
| CKM_DES_CBC*** |
|
|
|||||
| CKM_DES_CBC_PAD*** |
|
|
|||||
| CKM_DES_MAC_GENERAL*** |
|
||||||
| CKM_DES_MAC*** |
|
||||||
| CKM_DES2_KEY_GEN*** |
|
||||||
| CKM_DES3_KEY_GEN*** |
|
||||||
| CKM_DES3_ECB*** |
|
|
|||||
| CKM_DES3_CBC*** |
|
|
|||||
| CKM_DES3_CBC_PAD*** |
|
|
|||||
| CKM_DES3_MAC_GENERAL*** |
|
||||||
| CKM_DES3_MAC*** |
|
||||||
| CKM_CAST_KEY_GEN |
|
||||||
| CKM_CAST_ECB |
|
|
|||||
| CKM_CAST_CBC |
|
|
|||||
| CKM_CAST_CBC_PAD |
|
|
|||||
| CKM_CAST_MAC_GENERAL |
|
||||||
| CKM_CAST_MAC |
|
||||||
| CKM_CAST3_KEY_GEN |
|
||||||
| CKM_CAST3_ECB |
|
|
|||||
| CKM_CAST3_CBC |
|
|
|||||
| CKM_CAST3_CBC_PAD |
|
|
|||||
| CKM_CAST3_MAC_GENERAL |
|
||||||
| CKM_CAST3_MAC |
|
||||||
| CKM_CAST128_KEY_GEN (CKM_CAST5_KEY_GEN) |
|
||||||
| CKM_CAST128_ECB (CKM_CAST5_ECB) |
|
|
|||||
| CKM_CAST128_CBC (CKM_CAST5_CBC) |
|
|
|||||
| CKM_CAST128_CBC_PAD (CKM_CAST5_CBC_PAD) |
|
|
|||||
| CKM_CAST128_MAC_GENERAL (CKM_CAST5_MAC_GENERAL) |
|
||||||
| CKM_CAST128_MAC (CKM_CAST5_MAC) |
|
||||||
| CKM_IDEA_KEY_GEN |
|
||||||
| CKM_IDEA_ECB |
|
|
|||||
| CKM_IDEA_CBC |
|
|
|||||
| CKM_IDEA_CBC_PAD |
|
|
|||||
| CKM_IDEA_MAC_GENERAL |
|
||||||
| CKM_IDEA_MAC |
|
||||||
| CKM_CDMF_KEY_GEN |
|
||||||
| CKM_CDMF_ECB |
|
|
|||||
| CKM_CDMF_CBC |
|
|
|||||
| CKM_CDMF_CBC_PAD |
|
|
|||||
| CKM_CDMF_MAC_GENERAL |
|
||||||
| CKM_CDMF_MAC |
|
||||||
| CKM_DES_ECB_ENCRYPT_DATA |
|
||||||
| CKM_DES_CBC_ENCRYPT_DATA |
|
||||||
| CKM_DES3_ECB_ENCRYPT_DATA |
|
||||||
| CKM_DES3_CBC_ENCRYPT_DATA |
|
||||||
| CKM_AES_ECB_ENCRYPT_DATA |
|
||||||
| CKM_AES_CBC_ENCRYPT_DATA |
|
||||||
| CKM_SKIPJACK_KEY_GEN |
|
||||||
| CKM_SKIPJACK_ECB64 |
|
||||||
| CKM_SKIPJACK_CBC64 |
|
||||||
| CKM_SKIPJACK_OFB64 |
|
||||||
| CKM_SKIPJACK_CFB64 |
|
||||||
| CKM_SKIPJACK_CFB32 |
|
||||||
| CKM_SKIPJACK_CFB16 |
|
||||||
| CKM_SKIPJACK_CFB8 |
|
||||||
| CKM_SKIPJACK_WRAP |
|
||||||
| CKM_SKIPJACK_PRIVATE_WRAP |
|
||||||
| CKM_SKIPJACK_RELAYX |
|
||||||
| CKM_BATON_KEY_GEN |
|
||||||
| CKM_BATON_ECB128 |
|
||||||
| CKM_BATON_ECB96 |
|
||||||
| CKM_BATON_CBC128 |
|
||||||
| CKM_BATON_COUNTER |
|
||||||
| CKM_BATON_SHUFFLE |
|
||||||
| CKM_BATON_WRAP |
|
||||||
| CKM_JUNIPER_KEY_GEN |
|
||||||
| CKM_JUNIPER_ECB128 |
|
||||||
| CKM_JUNIPER_CBC128 |
|
||||||
| CKM_JUNIPER_COUNTER |
|
||||||
| CKM_JUNIPER_SHUFFLE |
|
||||||
| CKM_JUNIPER_WRAP |
|
||||||
| CKM_MD2 |
|
||||||
| CKM_MD2_HMAC_GENERAL |
|
||||||
| CKM_MD2_HMAC |
|
||||||
| CKM_MD2_KEY_DERIVATION |
|
||||||
| CKM_MD5 |
|
||||||
| CKM_MD5_HMAC_GENERAL |
|
||||||
| CKM_MD5_HMAC |
|
||||||
| CKM_MD5_KEY_DERIVATION |
|
||||||
| CKM_SHA_1 |
|
||||||
| CKM_SHA_1_HMAC_GENERAL |
|
||||||
| CKM_SHA_1_HMAC |
|
||||||
| CKM_SHA1_KEY_DERIVATION |
|
||||||
| CKM_SHA256 |
|
||||||
| CKM_SHA256_HMAC_GENERAL |
|
||||||
| CKM_SHA256_HMAC |
|
||||||
| CKM_SHA256_KEY_DERIVATION |
|
||||||
| CKM_SHA384 |
|
||||||
| CKM_SHA384_HMAC_GENERAL |
|
||||||
| CKM_SHA384_HMAC |
|
||||||
| CKM_SHA384_KEY_DERIVATION |
|
||||||
| CKM_SHA512 |
|
||||||
| CKM_SHA512_HMAC_GENERAL |
|
||||||
| CKM_SHA512_HMAC |
|
||||||
| CKM_SHA512_KEY_DERIVATION |
|
||||||
| CKM_RIPEMD128 |
|
||||||
| CKM_RIPEMD128_HMAC_GENERAL |
|
||||||
| CKM_RIPEMD128_HMAC |
|
||||||
| CKM_RIPEMD160 |
|
||||||
| CKM_RIPEMD160_HMAC_GENERAL |
|
||||||
| CKM_RIPEMD160_HMAC |
|
||||||
| CKM_FASTHASH |
|
||||||
| CKM_PBE_MD2_DES_CBC |
|
||||||
| CKM_PBE_MD5_DES_CBC |
|
||||||
| CKM_PBE_MD5_CAST_CBC |
|
||||||
| CKM_PBE_MD5_CAST3_CBC |
|
||||||
| CKM_PBE_MD5_CAST128_CBC (CKM_PBE_MD5_CAST5_CBC) |
|
||||||
| CKM_PBE_SHA1_CAST128_CBC (CKM_PBE_SHA1_CAST5_CBC) |
|
||||||
| CKM_PBE_SHA1_RC4_128 |
|
||||||
| CKM_PBE_SHA1_RC4_40 |
|
||||||
| CKM_PBE_SHA1_DES3_EDE_CBC |
|
||||||
| CKM_PBE_SHA1_DES2_EDE_CBC |
|
||||||
| CKM_PBE_SHA1_RC2_128_CBC |
|
||||||
| CKM_PBE_SHA1_RC2_40_CBC |
|
||||||
| CKM_PBA_SHA1_WITH_SHA1_HMAC |
|
||||||
| CKM_PKCS5_PBKD2 |
|
||||||
| CKM_KEY_WRAP_SET_OAEP |
|
||||||
| CKM_KEY_WRAP_LYNKS |
|
||||||
| CKM_SSL3_PRE_MASTER_KEY_GEN |
|
||||||
| CKM_SSL3_MASTER_KEY_DERIVE |
|
||||||
| CKM_SSL3_MASTER_KEY_DERIVE_DH |
|
||||||
| CKM_SSL3_KEY_AND_MAC_DERIVE |
|
||||||
| CKM_SSL3_MD5_MAC |
|
||||||
| CKM_SSL3_SHA1_MAC |
|
||||||
| CKM_TLS_PRE_MASTER_KEY_GEN |
|
||||||
| CKM_TLS_MASTER_KEY_DERIVE |
|
||||||
| CKM_TLS_MASTER_KEY_DERIVE_DH |
|
||||||
| CKM_TLS_KEY_AND_MAC_DERIVE |
|
||||||
| CKM_TLS_PRF |
|
||||||
| CKM_WTLS_PRE_MASTER_KEY_GEN |
|
||||||
| CKM_WTLS_MASTER_KEY_DERIVE |
|
||||||
| CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC |
|
||||||
| CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE |
|
||||||
| CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE |
|
||||||
| CKM_WTLS_PRF |
|
||||||
| CKM_CMS_SIG |
|
|
|||||
| CKM_CONCATENATE_BASE_AND_KEY |
|
||||||
| CKM_CONCATENATE_BASE_AND_DATA |
|
||||||
| CKM_CONCATENATE_DATA_AND_BASE |
|
||||||
| CKM_XOR_BASE_AND_DATA |
|
||||||
| CKM_EXTRACT_KEY_FROM_KEY |
|
||||||
| CKM_ACTI |
|
||||||
** Only secret keys can be unwrapped AES, DES… The key length should be < k where k is the length of the RSA key.
*** Secret Key mechanisms (AES, DES, and DES3) are only supported with cryptography in software not on the smart card.
