Cryptographic Token Interface Standard

PKCS#11


Mechanisms 2


Sections

KEA
RC2
RC4
RC5
General block cipher
SKIPJACK
BATON
JUNIPER
MD2
MD5
FASTHASH
PKCS #5 and PKCS #5-style password-based encryption (PBE)
PKCS #12 password-based encryption/authentication mechanisms
RIPE-MD
SET
LYNKS

Detailed Description

A mechanism specifies precisely how a certain cryptographic process is to be performed.

The following table shows which Cryptoki mechanisms are supported by different cryptographic operations. For any particular token, of course, a particular operation may well support only a subset of the mechanisms listed. There is also no guarantee that a token which supports one mechanism for some operation supports any other mechanism for any other operation (or even supports that same mechanism for any other operation). For example, even if a token is able to create RSA digital signatures with the CKM_RSA_PKCS mechanism, it may or may not be the case that the same token can also perform RSA encryption with CKM_RSA_PKCS.

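Table 31, Mechanisms vs. Functions

| Mechanism | Encrypt & Decrypt | Sign & Verify | SR & VR¹ | Digest | Gen. Key/Key Pair | Wrap & Unwrap | Derive |
|---|---|---|---|---|---|---|---|
| CKM_FORTEZZA_TIMESTAMP | | X² | | | | | |
| CKM_KEA_KEY_PAIR_GEN | | | | | X | | |
| CKM_KEA_KEY_DERIVE | | | | | | | X |
| CKM_RC2_KEY_GEN | | | | | X | | |
| CKM_RC2_ECB | X | | | | | X | |
| CKM_RC2_CBC | X | | | | | X | |
| CKM_RC2_CBC_PAD | X | | | | | X | |
| CKM_RC2_MAC_GENERAL | | X | | | | | |
| CKM_RC2_MAC | | X | | | | | |
| CKM_RC4_KEY_GEN | | | | | X | | |
| CKM_RC4 | X | | | | | | |
| CKM_RC5_KEY_GEN | | | | | X | | |
| CKM_RC5_ECB | X | | | | | X | |
| CKM_RC5_CBC | X | | | | | X | |
| CKM_RC5_CBC_PAD | X | | | | | X | |
| CKM_RC5_MAC_GENERAL | | X | | | | | |
| CKM_RC5_MAC | | X | | | | | |
| CKM_DES_KEY_GEN | | | | | X | | |
| CKM_DES_ECB | X | | | | | X | |
| CKM_DES_CBC | X | | | | | X | |
| CKM_DES_CBC_PAD | X | | | | | X | |
| CKM_DES_MAC_GENERAL | | X | | | | | |
| CKM_DES_MAC | | X | | | | | |
| CKM_CAST_KEY_GEN | | | | | X | | |
| CKM_CAST_ECB | X | | | | | X | |
| CKM_CAST_CBC | X | | | | | X | |
| CKM_CAST_CBC_PAD | X | | | | | X | |
| CKM_CAST_MAC_GENERAL | | X | | | | | |
| CKM_CAST_MAC | | X | | | | | |
| CKM_CAST3_KEY_GEN | | | | | X | | |
| CKM_CAST3_ECB | X | | | | | X | |
| CKM_CAST3_CBC | X | | | | | X | |
| CKM_CAST3_CBC_PAD | X | | | | | X | |
| CKM_CAST3_MAC_GENERAL | | X | | | | | |
| CKM_CAST3_MAC | | X | | | | | |
| CKM_CAST128_KEY_GEN (CKM_CAST5_KEY_GEN) | | | | | X | | |
| CKM_CAST128_ECB (CKM_CAST5_ECB) | X | | | | | X | |
| CKM_CAST128_CBC (CKM_CAST5_CBC) | X | | | | | X | |
| CKM_CAST128_CBC_PAD (CKM_CAST5_CBC_PAD) | X | | | | | X | |
| CKM_CAST128_MAC_GENERAL (CKM_CAST5_MAC_GENERAL) | | X | | | | | |
| CKM_CAST128_MAC (CKM_CAST5_MAC) | | X | | | | | |
| CKM_IDEA_KEY_GEN | | | | | X | | |
| CKM_IDEA_ECB | X | | | | | X | |
| CKM_IDEA_CBC | X | | | | | X | |
| CKM_IDEA_CBC_PAD | X | | | | | X | |
| CKM_IDEA_MAC_GENERAL | | X | | | | | |
| CKM_IDEA_MAC | | X | | | | | |
| CKM_CDMF_KEY_GEN | | | | | X | | |
| CKM_CDMF_ECB | X | | | | | X | |
| CKM_CDMF_CBC | X | | | | | X | |
| CKM_CDMF_CBC_PAD | X | | | | | X | |
| CKM_CDMF_MAC_GENERAL | | X | | | | | |
| CKM_CDMF_MAC | | X | | | | | |
| CKM_SKIPJACK_KEY_GEN | | | | | X | | |
| CKM_SKIPJACK_ECB64 | X | | | | | | |
| CKM_SKIPJACK_CBC64 | X | | | | | | |
| CKM_SKIPJACK_OFB64 | X | | | | | | |
| CKM_SKIPJACK_CFB64 | X | | | | | | |
| CKM_SKIPJACK_CFB32 | X | | | | | | |
| CKM_SKIPJACK_CFB16 | X | | | | | | |
| CKM_SKIPJACK_CFB8 | X | | | | | | |
| CKM_SKIPJACK_WRAP | | | | | | X | |
| CKM_SKIPJACK_PRIVATE_WRAP | | | | | | X | |
| CKM_SKIPJACK_RELAYX | | | | | | X³ | |
| CKM_BATON_KEY_GEN | | | | | X | | |
| CKM_BATON_ECB128 | X | | | | | | |
| CKM_BATON_ECB96 | X | | | | | | |
| CKM_BATON_CBC128 | X | | | | | | |
| CKM_BATON_COUNTER | X | | | | | | |
| CKM_BATON_SHUFFLE | X | | | | | | |
| CKM_BATON_WRAP | | | | | | X | |
| CKM_JUNIPER_KEY_GEN | | | | | X | | |
| CKM_JUNIPER_ECB128 | X | | | | | | |
| CKM_JUNIPER_CBC128 | X | | | | | | |
| CKM_JUNIPER_COUNTER | X | | | | | | |
| CKM_JUNIPER_SHUFFLE | X | | | | | | |
| CKM_JUNIPER_WRAP | | | | | | X | |
| CKM_MD2 | | | | X | | | |
| CKM_MD2_HMAC_GENERAL | | X | | | | | |
| CKM_MD2_HMAC | | X | | | | | |
| CKM_MD2_KEY_DERIVATION | | | | | | | X |
| CKM_MD5 | | | | X | | | |
| CKM_MD5_HMAC_GENERAL | | X | | | | | |
| CKM_MD5_HMAC | | X | | | | | |
| CKM_MD5_KEY_DERIVATION | | | | | | | X |
| CKM_RIPEMD128 | | | | X | | | |
| CKM_RIPEMD128_HMAC_GENERAL | | X | | | | | |
| CKM_RIPEMD128_HMAC | | X | | | | | |
| CKM_RIPEMD160 | | | | X | | | |
| CKM_RIPEMD160_HMAC_GENERAL | | X | | | | | |
| CKM_RIPEMD160_HMAC | | X | | | | | |
| CKM_FASTHASH | | | | X | | | |
| CKM_PBE_MD2_DES_CBC | | | | | X | | |
| CKM_PBE_MD5_DES_CBC | | | | | X | | |
| CKM_PBE_MD5_CAST_CBC | | | | | X | | |
| CKM_PBE_MD5_CAST3_CBC | | | | | X | | |
| CKM_PBE_MD5_CAST128_CBC (CKM_PBE_MD5_CAST5_CBC) | | | | | X | | |
| CKM_PBE_SHA1_CAST128_CBC (CKM_PBE_SHA1_CAST5_CBC) | | | | | X | | |
| CKM_PBE_SHA1_RC4_128 | | | | | X | | |
| CKM_PBE_SHA1_RC4_40 | | | | | X | | |
| CKM_PBE_SHA1_RC2_128_CBC | | | | | X | | |
| CKM_PBE_SHA1_RC2_40_CBC | | | | | X | | |
| CKM_PBA_SHA1_WITH_SHA1_HMAC | | | | | X | | |
| CKM_PKCS5_PBKD2 | | | | | X | | |
| CKM_KEY_WRAP_SET_OAEP | | | | | | X | |
| CKM_KEY_WRAP_LYNKS | | | | | | X | |

¹ SR = SignRecover, VR = VerifyRecover.

² Single-part operations only.

³ Mechanism can only be used for wrapping, not unwrapping.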

The remainder of this section will present in detail the mechanisms supported by Cryptoki and the parameters which are supplied to them.

In general, if a mechanism makes no mention of the ulMinKeyLen and ulMaxKeyLen fields of the CK_MECHANISM_INFO structure, then those fields have no meaning for that particular mechanism.
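
The per-operation caveat above (a token may sign with CKM_RSA_PKCS yet refuse to encrypt with it) and the key-size remark can both be enforced by checking what the token reports before using a mechanism. The following C code is an added example, not part of the standard's text: `mech_usable`, `struct entry` and `sample_token` are hypothetical names, the token contents are constructed, and the types are local mirrors of the standard's header, which spells the size fields `ulMinKeySize`/`ulMaxKeySize`.

```c
#include <stddef.h>
#include <stdio.h>

/* Local mirrors of PKCS #11 header definitions so this builds without
   pkcs11.h; the CKF_ and CKM_ values are the standard's own. */
typedef unsigned long CK_ULONG;
typedef struct { CK_ULONG ulMinKeySize, ulMaxKeySize, flags; } CK_MECHANISM_INFO;
#define CKF_ENCRYPT 0x00000100UL
#define CKF_DECRYPT 0x00000200UL
#define CKF_SIGN    0x00000800UL
#define CKF_VERIFY  0x00002000UL
#define CKF_WRAP    0x00020000UL
#define CKF_UNWRAP  0x00040000UL
#define CKM_RSA_PKCS        0x00000001UL
#define CKM_SKIPJACK_RELAYX 0x0000100aUL

/* Constructed sample of what a hypothetical token reports. A real
   application fills each info from C_GetMechanismInfo(slot, type, &info). */
struct entry { CK_ULONG type; CK_MECHANISM_INFO info; };
static const struct entry sample_token[] = {
    { CKM_RSA_PKCS,        { 1024, 2048, CKF_SIGN | CKF_VERIFY } }, /* no encrypt */
    { CKM_SKIPJACK_RELAYX, { 0, 0, CKF_WRAP } },                    /* wrap only  */
};

/* Returns 1 only if the token lists `type` and reports every flag in `need`.
   Pass key_size == 0 when the size fields have no meaning for the mechanism;
   otherwise key_size must lie within [ulMinKeySize, ulMaxKeySize]. */
int mech_usable(const struct entry *tok, size_t n, CK_ULONG type,
                CK_ULONG need, CK_ULONG key_size)
{
    for (size_t i = 0; i < n; i++) {
        if (tok[i].type != type) continue;
        const CK_MECHANISM_INFO *m = &tok[i].info;
        if ((m->flags & need) != need) return 0;   /* operation not offered */
        if (key_size && (key_size < m->ulMinKeySize || key_size > m->ulMaxKeySize))
            return 0;                              /* key size out of range */
        return 1;
    }
    return 0; /* mechanism not offered at all */
}

int main(void)
{
    printf("RSA sign:      %d\n", mech_usable(sample_token, 2, CKM_RSA_PKCS, CKF_SIGN, 2048));
    printf("RSA encrypt:   %d\n", mech_usable(sample_token, 2, CKM_RSA_PKCS, CKF_ENCRYPT, 2048));
    printf("RELAYX unwrap: %d\n", mech_usable(sample_token, 2, CKM_SKIPJACK_RELAYX, CKF_UNWRAP, 0));
    return 0;
}
```

Checking CKF_WRAP and CKF_UNWRAP separately matters because the table's paired columns do not guarantee both directions, as footnote 3 shows for CKM_SKIPJACK_RELAYX.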


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v230