Supported mechanisms for EP11 tokens
View a list of the supported mechanisms for the EP11 token in the openCryptoki implementation.
$ pkcsconf -m -c <slot>
Mechanism #2
Mechanism: 0x131 (CKM_DES3_KEY_GEN)
Key Size: 24-24
Flags: 0x8001 (CKF_HW|CKF_GENERATE)
…
Mechanism #10
Mechanism: 0x132 (CKM_DES3_ECB)
Key Size: 24-24
Flags: 0x60301 (CKF_HW|CKF_ENCRYPT|CKF_DECRYPT|CKF_WRAP|CKF_UNWRAP)
Mechanism #11
Mechanism: 0x133 (CKM_DES3_CBC)
Key Size: 24-24
Flags: 0x60301 (CKF_HW|CKF_ENCRYPT|CKF_DECRYPT|CKF_WRAP|CKF_UNWRAP)
...
The list displays all mechanisms that are supported by this token. The mechanism ID and name corresponds to the PKCS #11 specification. Each mechanism provides its supported key size and some further properties such as hardware support and mechanism information flags. These flags provide information about the PKCS #11 functions that may use the mechanism. In some cases, the flags also provide further attributes that describe the supported variants of the mechanism. Typical functions are for example, encrypt, decrypt, wrap key, unwrap key, sign, or verify.
Mechanism | Key sizes (in bits) | Properties |
---|---|---|
CKM_AES_CBC | 16,24,32 | ENCRYPT,DECRYPT, WRAP,UNWRAP |
CKM_AES_CBC_PAD | 16,24,32 | ENCRYPT,DECRYPT, WRAP,UNWRAP |
CKM_AES_CMAC | 16,24,32 | SIGN,VERIFY |
CKM_AES_CMAC_GENERAL | 16,24,32 | SIGN,VERIFY |
CKM_AES_ECB | 16,24,32 | ENCRYPT,DECRYPT |
CKM_AES_KEY_GEN | 16,24,32 | GENERATE |
CKM_DES2_KEY_GEN | 16 | GENERATE |
CKM_DES3_CBC | 16,24 | ENCRYPT,DECRYPT, WRAP,UNWRAP |
CKM_DES3_CBC_PAD | 16,24 | ENCRYPT,DECRYPT, WRAP,UNWRAP |
CKM_DES3_CMAC | 16,24 | SIGN,VERIFY |
CKM_DES3_CMAC_GENERAL | 16,24 | SIGN,VERIFY |
CKM_DES3_ECB | 16,24 | ENCRYPT,DECRYPT |
CKM_DES3_KEY_GEN | 24 | GENERATE |
CKM_DH_PKCS_DERIVE | 1024-3072 | DERIVE |
CKM_DH_PKCS_KEY_PAIR_GEN | 1024-3072 | GENERATE_KEY_PAIR |
CKM_DH_PKCS_PARAMETER_GEN | 1024-3072 | GENERATE |
CKM_DSA | 1024-3072 | SIGN,VERIFY |
CKM_DSA_KEY_PAIR_GEN | 1024-3072 | GENERATE_KEY_PAIR |
CKM_DSA_PARAMETER_GEN | 1024-3072 | GENERATE |
CKM_DSA_SHA1 | 1024-3072 | SIGN,VERIFY |
CKM_EC_KEY_PAIR_GEN | 192,521 | GENERATE_KEY_PAIR, EC_F_P, EC_NAMEDCURVE, EC_UNCOMPRESS |
CKM_ECDH1_DERIVE [1] | 192,521 | DERIVE, EC_F_P, EC_UNCOMPRESS |
CKM_ECDSA | 192,521 | SIGN,VERIFY, EC_F_P, EC_NAMEDCURVE, EC_UNCOMPRESS |
CKM_ECDSA_KEY_PAIR_GEN | 192,521 | GENERATE_KEY_PAIR, EC_F_P, EC_NAMEDCURVE, EC_UNCOMPRESS |
CKM_ECDSA_SHA1 | 192,521 | SIGN,VERIFY, EC_F_P, EC_NAMEDCURVE, EC_UNCOMPRESS |
CKM_ECDSA_SHA224 | 192-521 | SIGN,VERIFY, EC_F_P, EC_NAMEDCURVE, EC_UNCOMPRESS |
CKM_ECDSA_SHA256 | 192-521 | SIGN, VERIFY, EC_F_P, EC_NAMEDCURVE, EC_UNCOMPRESS |
CKM_ECDSA_SHA384 | 192-521 | SIGN,VERIFY, EC_F_P, EC_NAMEDCURVE, EC_UNCOMPRESS |
CKM_ECDSA_SHA512 | 192-521 | SIGN,VERIFY, EC_F_P, EC_NAMEDCURVE, EC_UNCOMPRESS |
CKM_IBM_CMAC | 16,32 | SIGN,VERIFY |
CKM_IBM_DILITHIUM [2] | 256 | SIGN,VERIFY, GENERATE_KEY_PAIR |
CKM_IBM_EC_C25519 | 256 | DERIVE, EC_F_P, EC_UNCOMPRESS |
CKM_IBM_EC_C448 | 448 | DERIVE, EC_F_P, EC_UNCOMPRESS |
CKM_IBM_ED25519_SHA512 | 256 | SIGN,VERIFY, EC_F_P, EC_UNCOMPRESS |
CKM_IBM_ED448_SHA3 | 448 | SIGN,VERIFY, EC_F_P, EC_UNCOMPRESS |
CKM_IBM_EDDSA_SHA512 | n/a | SIGN,VERIFY |
CKM_IBM_SHA3_224 | n/a | DIGEST |
CKM_IBM_SHA3_224_HMAC | 112-256 | SIGN,VERIFY |
CKM_IBM_SHA3_256 | n/a | DIGEST |
CKM_IBM_SHA3_256_HMAC | 128-256 | SIGN,VERIFY |
CKM_IBM_SHA3_384 | n/a | DIGEST |
CKM_IBM_SHA3_384_HMAC | 192-256 | SIGN,VERIFY |
CKM_IBM_SHA3_512 | n/a | DIGEST |
CKM_IBM_SHA3_512_HMAC | 256 | SIGN,VERIFY |
CKM_PBE_SHA1_DES3_EDE_CBC | 24 | GENERATE |
CKM_RSA_PKCS | 1024-4096 | ENCRYPT,DECRYPT, SIGN,VERIFY, WRAP,UNWRAP |
CKM_RSA_PKCS_KEY_PAIR_GEN | 1024-4096 | GENERATE_KEY_PAIR |
CKM_RSA_PKCS_OAEP [3] | 1024-4096 | ENCRYPT,DECRYPT, WRAP,UNWRAP |
CKM_RSA_PKCS_PSS | 1024-4096 | SIGN,VERIFY |
CKM_RSA_X9_31 | 1024-4096 | SIGN, VERIFY |
CKM_RSA_X9_31_KEY_PAIR_GEN | 1024-4096 | GENERATE_KEY_PAIR |
CKM_SHA_1 | n/a | DIGEST |
CKM_SHA_1_HMAC | 80-256 | SIGN,VERIFY |
CKM_SHA1_KEY_DERIVATION | n/a | DERIVE |
CKM_SHA1_RSA_PKCS | 1024-4096 | SIGN,VERIFY |
CKM_SHA1_RSA_PKCS_PSS | 1024-4096 | SIGN,VERIFY |
CKM_SHA1_RSA_X9_31 | 1024-4096 | SIGN,VERIFY |
CKM_SHA224 | n/a | DIGEST |
CKM_SHA224_HMAC | 112-256 | SIGN, VERIFY |
CKM_SHA224_HMAC_GENERAL | 80-2048 | SIGN, VERIFY |
CKM_SHA224_KEY_DERIVATION | n/a | DERIVE |
CKM_SHA224_RSA_PKCS | 1024-4096 | SIGN,VERIFY |
CKM_SHA224_RSA_PKCS_PSS | 1024-4096 | SIGN,VERIFY |
CKM_SHA256 | n/a | DIGEST |
CKM_SHA256_HMAC | 128-256 | SIGN,VERIFY |
CKM_SHA256_KEY_DERIVATION | n/a | DERIVE |
CKM_SHA256_RSA_PKCS | 1024-4096 | SIGN,VERIFY |
CKM_SHA256_RSA_PKCS_PSS | 1024-4096 | SIGN,VERIFY |
CKM_SHA384 | n/a | DIGEST |
CKM_SHA384_HMAC | 192-256 | SIGN,VERIFY |
CKM_SHA384_KEY_DERIVATION | n/a | DERIVE |
CKM_SHA384_RSA_PKCS | 1024-4096 | SIGN,VERIFY |
CKM_SHA384_RSA_PKCS_PSS | 1024-4096 | SIGN,VERIFY |
CKM_SHA512 | n/a | DIGEST |
CKM_SHA512_224 | n/a | DIGEST |
CKM_SHA512_224_HMAC | 112-256 | SIGN,VERIFY |
CKM_SHA512_224_HMAC_GENERAL | 16,256 | SIGN,VERIFY |
CKM_SHA512_256 | n/a | Digest |
CKM_SHA512_256_HMAC | 128-256 | SIGN,VERIFY |
CKM_SHA512_256_HMAC_GENERAL | 16,256 | SIGN,VERIFY |
CKM_SHA512_HMAC | 256 | SIGN,VERIFY |
CKM_SHA512_KEY_DERIVATION | n/a | DERIVE |
CKM_SHA512_RSA_PKCS | 1024-4096 | SIGN,VERIFY |
CKM_SHA512_RSA_PKCS_PSS | 1024-4096 | SIGN,VERIFY |
|
For explanation about the key object properties see the PKCS #11 Cryptographic Token Interface Standard.