Supported curves with elliptic curve cryptography in the EP11 token

View a list of curves that are supported by the EP11 token for elliptic curve cryptography (ECC).

For the support of elliptic curve cryptography, the EP11 token provides standard mechanisms and IBM®-specific mechanisms for key derivation and for sign and verify operations. For more information, refer to Supported mechanisms for EP11 tokens.

Table 1. Curves supported by the EP11 token for elliptic curve cryptography (ECC)
Table with three columns that contain information about curves supported by the EP11 token for elliptic curve cryptography (ECC)
Curve	Purpose
brainpoolP160r1	for Sign/Verify operations with `CKM_ECDSA` and CKM_ECDSA_SHAnnn for ECDH with CKM_ECDH1_DERIVE
brainpoolP160t1	for Sign/Verify operations with `CKM_ECDSA` and CKM_ECDSA_SHAnnn for ECDH with CKM_ECDH1_DERIVE
brainpoolP192r1	for Sign/Verify operations with `CKM_ECDSA` and CKM_ECDSA_SHAnnn for ECDH with CKM_ECDH1_DERIVE
brainpoolP192t1	for Sign/Verify operations with `CKM_ECDSA` and CKM_ECDSA_SHAnnn for ECDH with CKM_ECDH1_DERIVE
brainpoolP224r1	for Sign/Verify operations with `CKM_ECDSA` and CKM_ECDSA_SHAnnn for ECDH with CKM_ECDH1_DERIVE
brainpoolP224t1	for Sign/Verify operations with `CKM_ECDSA` and CKM_ECDSA_SHAnnn for ECDH with CKM_ECDH1_DERIVE
brainpoolP256r1	for Sign/Verify operations with `CKM_ECDSA` and CKM_ECDSA_SHAnnn for ECDH with CKM_ECDH1_DERIVE
brainpoolP256t1	for Sign/Verify operations with `CKM_ECDSA` and CKM_ECDSA_SHAnnn for ECDH with CKM_ECDH1_DERIVE
brainpoolP320r1	for Sign/Verify operations with `CKM_ECDSA` and CKM_ECDSA_SHAnnn for ECDH with CKM_ECDH1_DERIVE
brainpoolP320t1	for Sign/Verify operations with `CKM_ECDSA` and CKM_ECDSA_SHAnnn for ECDH with CKM_ECDH1_DERIVE
brainpoolP1384r1	for Sign/Verify operations with `CKM_ECDSA` and CKM_ECDSA_SHAnnn for ECDH with CKM_ECDH1_DERIVE
brainpoolP384t1	for Sign/Verify operations with `CKM_ECDSA` and CKM_ECDSA_SHAnnn for ECDH with CKM_ECDH1_DERIVE
brainpoolP512r1	for Sign/Verify operations with `CKM_ECDSA` and CKM_ECDSA_SHAnnn for ECDH with CKM_ECDH1_DERIVE
brainpoolP512t1	for Sign/Verify operations with `CKM_ECDSA` and CKM_ECDSA_SHAnnn for ECDH with CKM_ECDH1_DERIVE
prime192v1	for Sign/Verify operations with `CKM_ECDSA` and CKM_ECDSA_SHAnnn for ECDH with CKM_ECDH1_DERIVE
prime256v1	for Sign/Verify operations with `CKM_ECDSA` and CKM_ECDSA_SHAnnn for ECDH with CKM_ECDH1_DERIVE
secp224r1	for Sign/Verify operations with `CKM_ECDSA` and CKM_ECDSA_SHAnnn for ECDH with CKM_ECDH1_DERIVE
secp256k1	for Sign/Verify operations with `CKM_ECDSA` and CKM_ECDSA_SHAnnn for ECDH with CKM_ECDH1_DERIVE
secp384r1	for Sign/Verify operations with `CKM_ECDSA` and `CKM_ECDSA_SHAnnn` for ECDH with CKM_ECDH1_DERIVE
secp521r1	for Sign/Verify operations with `CKM_ECDSA` and `CKM_ECDSA_SHAnnn` for ECDH with CKM_ECDH1_DERIVE
Montgomery curves, only for ECDH with certain IBM-specific mechanisms
curve448	ECDH with `CKM_IBM_EC_C448`
curve25519	ECDH with `CKM_IBM_EC_C25519`
Edwards Curves, only for Sign/Verify (EdDSA) with certain IBM-specific mechanisms
ed448	Sign/Verify with `CKM_IBM_ED448_SHA3`
ed25519	Sign/Verify with `CKM_IBM_ED25519_SHA512`

The EP11 host library provides access control point 55 to enable support of curve25519, c448, and related algorithms, including EdDSA:


55    XCP_CPB_ALG_EC_25519     enable support of curve25519, c448 and related algorithms
                               incl. EdDSA