
Algorithm properties

This topic summarizes the cryptographic algorithms and key lengths that are supported by various keystore services, including AWS KMS, Azure Key Vault, Google Cloud KMS, IBM Cloud KMS, IBM Key Protect, UKO KMG Agent, and MSDKE. Each service supports specific algorithms with recommended default key lengths. The tables provide details for each provider:

AWS KMS

AWS KMS is a managed service that allows users to create and control cryptographic keys by using either AWS-managed multi-tenant HSMs, dedicated CloudHSM instances, or external keystores for full control over key material. For more information, see AWS Key Management Service Documentation.

Algorithm and key length available for AWS KMS

| Algorithm | Key length (bit) |
|---|---|
| AES | 256 |

Azure Key Vault

Azure Key Vault is a cloud-based service that securely stores and manages secrets, encryption keys, and certificates, offering both multi-tenant vaults and single-tenant managed HSMs for enhanced security. For more information, see Azure Key Vault Documentation.

Algorithm and key lengths available for Azure Key Vault

| Algorithm | Key length (bit) |
|---|---|
| RSA | 2048, 3072, 4096 |

Google Cloud KMS

Google Cloud KMS provides key management capabilities with options for software-based keys, hardware-backed keys through Cloud HSM, and externally managed keys through EKM, supporting customer-managed encryption for data protection. For more information, see Google Cloud KMS Documentation.

Purpose in this table refers to the key’s intended cryptographic operation as defined by Google Cloud KMS documentation (for example, symmetric encryption, asymmetric signing, or decryption).

Algorithms for Google Cloud KMS and their purpose

| Purpose | Algorithm |
|---|---|
| Symmetric encrypt/decrypt | AES-256 |
| Asymmetric sign | ECC-P-256 (secp256r1) (recommended) |
| Asymmetric sign | ECC-P-384 (secp384r1) |
| Asymmetric sign | ECC-secp256k1 |
| Asymmetric sign | RSA-PSS-2048 bit-SHA-256 |
| Asymmetric sign | RSA-PSS-3072 bit-SHA-256 (recommended) |
| Asymmetric sign | RSA-PSS-4096 bit-SHA-256 |
| Asymmetric sign | RSA-PSS-4096 bit-SHA-512 |
| Asymmetric sign | RSA-PKCS#1 v1.5-2048 bit-SHA-256 |
| Asymmetric sign | RSA-PKCS#1 v1.5-3072 bit-SHA-256 |
| Asymmetric sign | RSA-PKCS#1 v1.5-4096 bit-SHA-256 |
| Asymmetric sign | RSA-PKCS#1 v1.5-4096 bit-SHA-512 |
| Asymmetric sign | RSA-PKCS#1 v1.5 signing without encoding-2048 bit |
| Asymmetric sign | RSA-PKCS#1 v1.5 signing without encoding-3072 bit |
| Asymmetric sign | RSA-PKCS#1 v1.5 signing without encoding-4096 bit |
| Asymmetric decrypt | RSA-OAEP-2048 bit-SHA-1 |
| Asymmetric decrypt | RSA-OAEP-3072 bit-SHA-1 |
| Asymmetric decrypt | RSA-OAEP-4096 bit-SHA-1 |
| Asymmetric decrypt | RSA-OAEP-2048 bit-SHA-256 |
| Asymmetric decrypt | RSA-OAEP-3072 bit-SHA-256 (recommended) |
| Asymmetric decrypt | RSA-OAEP-4096 bit-SHA-256 |
| Asymmetric decrypt | RSA-OAEP-4096 bit-SHA-512 |
| MAC signing/verification | HMAC-SHA-256 |

IBM Cloud KMS

IBM Cloud KMS uses Hyper Protect Crypto Services to manage keys within FIPS 140-2 Level 4-certified HSMs, supporting both internal keystores and integration with external providers like AWS, Azure, and Google Cloud. For more information, see IBM Cloud KMS Adoption Guide.

Algorithms and key lengths available for IBM Cloud KMS

| Algorithm | Key length (bit) |
|---|---|
| AES | 256 |

IBM Key Protect

IBM Key Protect is a cloud-native key management service that stores and manages root and standard keys in FIPS 140-2 Level 3 HSMs, enabling secure encryption and access control through IAM policies. For more information, see IBM Key Protect.

Algorithms and key lengths available for IBM Key Protect

| Algorithm | Key length (bit) |
|---|---|
| AES | 256 |

UKO KMG Agent

UKO KMG Agent is a key management gateway for IBM z/OS systems that facilitates secure key operations across sysplex environments, supporting a wide range of cryptographic algorithms and integration with ICSF keystores. For more information, see Understanding the UKO KMG Agent.

The following sections list the key lengths and other available options for each algorithm.

AES

Key length for AES

| Algorithm | Key length (bit) |
|---|---|
| AES | 256 |

Select one of the key types for AES from the following options:

Parameters for AES

| Key type | Description |
|---|---|
| CIPHER | Recommended for IBM Z Pervasive Encryption. Supported from IBM z14 with CEX6 crypto cards. Choose for maximum security. |
| EXPORTER | Used for wrapping other keys for secure transfer to another system. |
| IMPORTER | Used for unwrapping incoming keys for secure use within your system. |
| DATA (not recommended) | Legacy key type for IBM Z Pervasive Encryption. Supported from IBM z13 with CEX5 cards. Use only on IBM z13. |

RSA

Key lengths for RSA

| Algorithm | Key length (bit) |
|---|---|
| RSA | 2048, 3072, 4096 |

Select the key usage, which determines what the key can be used for. You can select one or both of the following:

Parameters for RSA

| Key usage | Description |
|---|---|
| Key management | Covers key exchange, key import, and key export. |
| Signature | For generating and verifying digital signatures. |

HMAC

Key lengths for HMAC

| Algorithm | Key length (bit) |
|---|---|
| HMAC | 80, 128, 256, 512, 1024, 2048 |

Select options for the following:

Parameters for HMAC

| Field | Description |
|---|---|
| Generation and verification | This is the only usage available for HMAC keys. |
| Hash methods | The hash method determines the strength of the HMAC: how resistant the resulting MAC is to forgery, collision attacks, and brute-force guessing. You can select one or more of the following: SHA1, SHA224, SHA256, SHA384, and SHA512. |
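As an added example (it is not part of this page and is not UKO, KMG Agent or ICSF code), the following Python shows what "generation and verification" means for an HMAC key with each of the five hash methods listed above. The key lengths and hash method names are taken from the tables on this page; the sample key and message are constructed, and the `HASH_METHODS` and `KEY_LENGTHS_BITS` names are this example's own.

```python
import hmac
import hashlib
import secrets

# Hash methods selectable for an HMAC key on this page, mapped to hashlib names.
HASH_METHODS = {
    "SHA1": "sha1",
    "SHA224": "sha224",
    "SHA256": "sha256",
    "SHA384": "sha384",
    "SHA512": "sha512",
}

# Key lengths (bits) listed for HMAC keys on this page.
KEY_LENGTHS_BITS = (80, 128, 256, 512, 1024, 2048)


def generate_key(key_length_bits: int) -> bytes:
    """Return a random HMAC key of one of the listed key lengths."""
    if key_length_bits not in KEY_LENGTHS_BITS:
        raise ValueError(f"unsupported HMAC key length: {key_length_bits}")
    return secrets.token_bytes(key_length_bits // 8)


def generate_mac(key: bytes, message: bytes, hash_method: str) -> bytes:
    """Generation: compute the MAC of message under key with the chosen hash method."""
    try:
        digest_name = HASH_METHODS[hash_method]
    except KeyError:
        raise ValueError(f"unsupported hash method: {hash_method}") from None
    return hmac.new(key, message, digest_name).digest()


def verify_mac(key: bytes, message: bytes, hash_method: str, tag: bytes) -> bool:
    """Verification: recompute the MAC and compare in constant time, so that an
    early-exit byte comparison cannot leak how much of a guessed tag matched."""
    expected = generate_mac(key, message, hash_method)
    return hmac.compare_digest(expected, tag)


def mac_length_bits(hash_method: str) -> int:
    """Tag length in bits for a hash method; it grows with the hash's output size."""
    return hashlib.new(HASH_METHODS[hash_method]).digest_size * 8


def demo() -> dict:
    """Generate and verify a MAC under every hash method and show that a
    tampered message no longer verifies. Key and message are constructed."""
    key = generate_key(256)
    message = b"constructed sample message"
    results = {}
    for method in HASH_METHODS:
        tag = generate_mac(key, message, method)
        results[method] = {
            "tag_bits": mac_length_bits(method),
            "verifies": verify_mac(key, message, method, tag),
            "tampered_verifies": verify_mac(key, message + b"!", method, tag),
        }
    return results


if __name__ == "__main__":
    for method, outcome in demo().items():
        print(method, outcome)
```

The tag length reported by `mac_length_bits` is the concrete form of the "strength" the table refers to: SHA1 yields a 160-bit MAC, SHA512 a 512-bit one. Verification always goes through `hmac.compare_digest` rather than `==`.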

EC

Select options for the following:

Parameters for EC

| Field | Description |
|---|---|
| Curve family | A curve family is a set of elliptic curves, defined over a finite field, that share common mathematical properties. These curves are used to build cryptographic systems with specific security and performance characteristics. |
| Curve name | Based on the curve family selection, you must select one curve from the available list. Curve names represent different mathematical definitions and properties, each with its own advantages and tradeoffs in terms of security, performance, and implementation complexity. The choice of curve depends on the specific requirements and constraints of the application. |
| Key usage | Determines what the key can be used for. You can select one or both of: Key management and Signature. |

ML-KEM

Key lengths for ML-KEM

| Algorithm | Key length (bit) |
|---|---|
| ML-KEM | 768, 1024 |

Select options for the following:

Parameters for ML-KEM

| Field | Description |
|---|---|
| Key usage | Determines what the key can be used for. Select one or more options. You must select at least one of the mandatory options, which are marked with an asterisk (*). |

ML-DSA

Select options for the following:

Parameters for ML-DSA

| Field | Description |
|---|---|
| Matrix size | Refers to the size of the signature matrix. Available sizes are 8x7, 6x5, and 4x4. |
| Mode | You can select Pure or Pre-hash (SHA-512). With pure mode, ML-DSA directly uses pseudorandom binary strings (bits) from a PRNG as the signature. The signer generates n-bit strings for t time steps, forming a t x n matrix. No additional hashing or preprocessing is involved. With pre-hash mode, ML-DSA uses a hash function to process the message before signature generation. The message is hashed, followed by generating pseudorandom bits and arranging them in a t x n matrix. This mode enhances security by incorporating the message's hash into the signature. |
| Key usage | Determines what the key can be used for. Select one or more options. You must select Signature, which is the mandatory option. |

Microsoft DKE

Microsoft DKE (Double Key Encryption) enhances data protection by requiring two keys for decryption—one stored in Azure and the other retained by the customer—ensuring compliance with stringent privacy and regulatory requirements. For more information, see Double Key Encryption Overview.

Algorithms and key lengths available for Microsoft DKE

| Algorithm | Key length (bit) |
|---|---|
| RSA | 2048, 3072, 4096 |