Mechanisms

Sections
RSA mechanisms
DSA mechanisms
About ECDSA
ECDSA mechanisms
Diffie-Hellman mechanisms
KEA mechanism parameters
KEA mechanisms
Generic secret key mechanisms
Wrapping/unwrapping private keys (RSA, Diffie-Hellman, and DSA)
About RC2
RC2 mechanism parameters
RC2 mechanisms
RC4 mechanisms
About RC5
RC5 mechanism parameters
RC5 mechanisms
General block cipher mechanism parameters
General block cipher mechanisms
Double and Triple-length DES mechanisms
SKIPJACK mechanism parameters
SKIPJACK mechanisms
BATON mechanisms
JUNIPER mechanisms
MD2 mechanisms
MD5 mechanisms
SHA-1 mechanisms
FASTHASH mechanisms
Password-based encryption/authentication mechanism parameters
PKCS #5 and PKCS #5-style password-based encryption mechanisms
PKCS #12 password-based encryption/authentication mechanisms
SET mechanism parameters
SET mechanisms
LYNKS mechanisms
SSL mechanism parameters
SSL mechanisms
Parameters for miscellaneous simple key derivation mechanisms
Miscellaneous simple key derivation mechanisms
RIPE-MD 128 mechanisms
RIPE-MD 160 mechanisms

Detailed Description

A mechanism specifies precisely how a certain cryptographic process is to be performed.

The following table shows which Cryptoki mechanisms are supported by different cryptographic operations. For any particular token, of course, a particular operation may well support only a subset of the mechanisms listed. There is also no guarantee that a token which supports one mechanism for some operation supports any other mechanism for any other operation (or even supports that same mechanism for any other operation). For example, even if a token is able to create RSA digital signatures with the CKM_RSA_PKCS mechanism, it may or may not be the case that the same token can also perform RSA encryption with CKM_RSA_PKCS.

Table 55, Mechanisms vs. Functions
Functions

Mechanism Encrypt & Decrypt Sign & Verify SR & VR1 Digest Gen. Key/ Key Pair Wrap & Unwrap Derive

CKM_RSA_PKCS_KEY_PAIR_GEN X

CKM_RSA_PKCS X² X² X X

CKM_RSA_PKCS_OAEP X² X

CKM_RSA_9796 X² X

CKM_RSA_X_509 X² X² X X

CKM_MD2_RSA_PKCS X

CKM_MD5_RSA_PKCS X

CKM_SHA1_RSA_PKCS X

CKM_RIPEMD128_RSA_PKCS X

CKM_RIPEMD160_RSA_PKCS X

CKM_DSA_KEY_PAIR_GEN X

CKM_DSA X²

CKM_DSA_SHA1 X

CKM_FORTEZZA_TIMESTAMP X²

CKM_ECDSA_KEY_PAIR_GEN X

CKM_ECDSA X²

CKM_ECDSA_SHA1 X

CKM_DH_PKCS_KEY_PAIR_GEN X

CKM_DH_PKCS_DERIVE X

CKM_KEA_KEY_PAIR_GEN X

CKM_KEA_KEY_DERIVE X

CKM_GENERIC_SECRET_KEY_GEN X

CKM_RC2_KEY_GEN X

CKM_RC2_ECB X X

CKM_RC2_CBC X X

CKM_RC2_CBC_PAD X X

CKM_RC2_MAC_GENERAL X

CKM_RC2_MAC X

CKM_RC4_KEY_GEN X

CKM_RC4 X

CKM_RC5_KEY_GEN X

CKM_RC5_ECB X X

CKM_RC5_CBC X X

CKM_RC5_CBC_PAD X X

CKM_RC5_MAC_GENERAL X

CKM_RC5_MAC X

CKM_DES_KEY_GEN X

CKM_DES_ECB X X

CKM_DES_CBC X X

CKM_DES_CBC_PAD X X

CKM_DES_MAC_GENERAL X

CKM_DES_MAC X

CKM_DES2_KEY_GEN X

CKM_DES3_KEY_GEN X

CKM_DES3_ECB X X

CKM_DES3_CBC X X

CKM_DES3_CBC_PAD X X

CKM_DES3_MAC_GENERAL X

CKM_DES3_MAC X

CKM_CAST_KEY_GEN X

CKM_CAST_ECB X X

CKM_CAST_CBC X X

CKM_CAST_CBC_PAD X X

CKM_CAST_MAC_GENERAL X

CKM_CAST_MAC X

CKM_CAST3_KEY_GEN X

CKM_CAST3_ECB X X

CKM_CAST3_CBC X X

CKM_CAST3_CBC_PAD X X

CKM_CAST3_MAC_GENERAL X

CKM_CAST3_MAC X

CKM_CAST128_KEY_GEN ( CKM_CAST5_KEY_GEN) X

CKM_CAST128_ECB ( CKM_CAST5_ECB) X X

CKM_CAST128_CBC ( CKM_CAST5_CBC) X X

CKM_CAST128_CBC_PAD ( CKM_CAST5_CBC_PAD) X X

CKM_CAST128_MAC_GENERAL ( CKM_CAST5_MAC_GENERAL) X

CKM_CAST128_MAC ( CKM_CAST5_MAC) X

CKM_IDEA_KEY_GEN X

CKM_IDEA_ECB X X

CKM_IDEA_CBC X X

CKM_IDEA_CBC_PAD X X

CKM_IDEA_MAC_GENERAL X

CKM_IDEA_MAC X

CKM_CDMF_KEY_GEN X

CKM_CDMF_ECB X X

CKM_CDMF_CBC X X

CKM_CDMF_CBC_PAD X X

CKM_CDMF_MAC_GENERAL X

CKM_CDMF_MAC X

CKM_SKIPJACK_KEY_GEN X

CKM_SKIPJACK_ECB64 X

CKM_SKIPJACK_CBC64 X

CKM_SKIPJACK_OFB64 X

CKM_SKIPJACK_CFB64 X

CKM_SKIPJACK_CFB32 X

CKM_SKIPJACK_CFB16 X

CKM_SKIPJACK_CFB8 X

CKM_SKIPJACK_WRAP X

CKM_SKIPJACK_PRIVATE_WRAP X

CKM_SKIPJACK_RELAYX X³

CKM_BATON_KEY_GEN X

CKM_BATON_ECB128 X

CKM_BATON_ECB96 X

CKM_BATON_CBC128 X

CKM_BATON_COUNTER X

CKM_BATON_SHUFFLE X

CKM_BATON_WRAP X

CKM_JUNIPER_KEY_GEN X

CKM_JUNIPER_ECB128 X

CKM_JUNIPER_CBC128 X

CKM_JUNIPER_COUNTER X

CKM_JUNIPER_SHUFFLE X

CKM_JUNIPER_WRAP X

CKM_MD2 X

CKM_MD2_HMAC_GENERAL X

CKM_MD2_HMAC X

CKM_MD2_KEY_DERIVATION X

CKM_MD5 X

CKM_MD5_HMAC_GENERAL X

CKM_MD5_HMAC X

CKM_MD5_KEY_DERIVATION X

CKM_SHA_1 X

CKM_SHA_1_HMAC_GENERAL X

CKM_SHA_1_HMAC X

CKM_SHA1_KEY_DERIVATION X

CKM_RIPEMD128 X

CKM_RIPEMD128_HMAC_GENERAL X

CKM_RIPEMD128_HMAC X

CKM_RIPEMD160 X

CKM_RIPEMD160_HMAC_GENERAL X

CKM_RIPEMD160_HMAC X

CKM_FASTHASH X

CKM_PBE_MD2_DES_CBC X

CKM_PBE_MD5_DES_CBC X

CKM_PBE_MD5_CAST_CBC X

CKM_PBE_MD5_CAST3_CBC X

CKM_PBE_MD5_CAST128_CBC ( CKM_PBE_MD5_CAST5_CBC) X

CKM_PBE_SHA1_CAST128_CBC ( CKM_PBE_SHA1_CAST5_CBC) X

CKM_PBE_SHA1_RC4_128 X

CKM_PBE_SHA1_RC4_40 X

CKM_PBE_SHA1_DES3_EDE_CBC X

CKM_PBE_SHA1_DES2_EDE_CBC X

CKM_PBE_SHA1_RC2_128_CBC X

CKM_PBE_SHA1_RC2_40_CBC X

CKM_PBA_SHA1_WITH_SHA1_HMAC X

CKM_PKCS5_PBKD2 X

CKM_KEY_WRAP_SET_OAEP X

CKM_KEY_WRAP_LYNKS X

CKM_SSL3_PRE_MASTER_KEY_GEN X

CKM_SSL3_MASTER_KEY_DERIVE X

CKM_SSL3_KEY_AND_MAC_DERIVE X

CKM_SSL3_MD5_MAC X

CKM_SSL3_SHA1_MAC X

CKM_CONCATENATE_BASE_AND_KEY X

CKM_CONCATENATE_BASE_AND_DATA X

CKM_CONCATENATE_DATA_AND_BASE X

CKM_XOR_BASE_AND_DATA X

CKM_EXTRACT_KEY_FROM_KEY X

¹ SR = SignRecover, VR = VerifyRecover.

² Single-part operations only.

³ Mechanism can only be used for wrapping, not unwrapping.

The remainder of Section 11.17.2 will present in detail the mechanisms supported by Cryptoki Version 2.1 and the parameters which are supplied to them.

In general, if a mechanism makes no mention of the ulMinKeyLen and ulMaxKeyLen fields of the CK_MECHANISM_INFO structure, then those fields have no meaning for that particular mechanism.

RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v210

	Functions
Mechanism	Encrypt & Decrypt	Sign & Verify	SR & VR1	Digest	Gen. Key/ Key Pair	Wrap & Unwrap	Derive
CKM_RSA_PKCS_KEY_PAIR_GEN					X
CKM_RSA_PKCS	X²	X²	X			X
CKM_RSA_PKCS_OAEP	X²					X
CKM_RSA_9796		X²	X
CKM_RSA_X_509	X²	X²	X			X
CKM_MD2_RSA_PKCS		X
CKM_MD5_RSA_PKCS		X
CKM_SHA1_RSA_PKCS		X
CKM_RIPEMD128_RSA_PKCS		X
CKM_RIPEMD160_RSA_PKCS		X
CKM_DSA_KEY_PAIR_GEN					X
CKM_DSA		X²
CKM_DSA_SHA1		X
CKM_FORTEZZA_TIMESTAMP		X²
CKM_ECDSA_KEY_PAIR_GEN					X
CKM_ECDSA		X²
CKM_ECDSA_SHA1		X
CKM_DH_PKCS_KEY_PAIR_GEN					X
CKM_DH_PKCS_DERIVE							X
CKM_KEA_KEY_PAIR_GEN					X
CKM_KEA_KEY_DERIVE							X
CKM_GENERIC_SECRET_KEY_GEN					X
CKM_RC2_KEY_GEN					X
CKM_RC2_ECB	X					X
CKM_RC2_CBC	X					X
CKM_RC2_CBC_PAD	X					X
CKM_RC2_MAC_GENERAL		X
CKM_RC2_MAC		X
CKM_RC4_KEY_GEN					X
CKM_RC4	X
CKM_RC5_KEY_GEN					X
CKM_RC5_ECB	X					X
CKM_RC5_CBC	X					X
CKM_RC5_CBC_PAD	X					X
CKM_RC5_MAC_GENERAL		X
CKM_RC5_MAC		X
CKM_DES_KEY_GEN					X
CKM_DES_ECB	X					X
CKM_DES_CBC	X					X
CKM_DES_CBC_PAD	X					X
CKM_DES_MAC_GENERAL		X
CKM_DES_MAC		X
CKM_DES2_KEY_GEN					X
CKM_DES3_KEY_GEN					X
CKM_DES3_ECB	X					X
CKM_DES3_CBC	X					X
CKM_DES3_CBC_PAD	X					X
CKM_DES3_MAC_GENERAL		X
CKM_DES3_MAC		X
CKM_CAST_KEY_GEN					X
CKM_CAST_ECB	X					X
CKM_CAST_CBC	X					X
CKM_CAST_CBC_PAD	X					X
CKM_CAST_MAC_GENERAL		X
CKM_CAST_MAC		X
CKM_CAST3_KEY_GEN					X
CKM_CAST3_ECB	X					X
CKM_CAST3_CBC	X					X
CKM_CAST3_CBC_PAD	X					X
CKM_CAST3_MAC_GENERAL		X
CKM_CAST3_MAC		X
CKM_CAST128_KEY_GEN ( CKM_CAST5_KEY_GEN)					X
CKM_CAST128_ECB ( CKM_CAST5_ECB)	X					X
CKM_CAST128_CBC ( CKM_CAST5_CBC)	X					X
CKM_CAST128_CBC_PAD ( CKM_CAST5_CBC_PAD)	X					X
CKM_CAST128_MAC_GENERAL ( CKM_CAST5_MAC_GENERAL)		X
CKM_CAST128_MAC ( CKM_CAST5_MAC)		X
CKM_IDEA_KEY_GEN					X
CKM_IDEA_ECB	X					X
CKM_IDEA_CBC	X					X
CKM_IDEA_CBC_PAD	X					X
CKM_IDEA_MAC_GENERAL		X
CKM_IDEA_MAC		X
CKM_CDMF_KEY_GEN					X
CKM_CDMF_ECB	X					X
CKM_CDMF_CBC	X					X
CKM_CDMF_CBC_PAD	X					X
CKM_CDMF_MAC_GENERAL		X
CKM_CDMF_MAC		X
CKM_SKIPJACK_KEY_GEN					X
CKM_SKIPJACK_ECB64	X
CKM_SKIPJACK_CBC64	X
CKM_SKIPJACK_OFB64	X
CKM_SKIPJACK_CFB64	X
CKM_SKIPJACK_CFB32	X
CKM_SKIPJACK_CFB16	X
CKM_SKIPJACK_CFB8	X
CKM_SKIPJACK_WRAP						X
CKM_SKIPJACK_PRIVATE_WRAP						X
CKM_SKIPJACK_RELAYX						X³
CKM_BATON_KEY_GEN					X
CKM_BATON_ECB128	X
CKM_BATON_ECB96	X
CKM_BATON_CBC128	X
CKM_BATON_COUNTER	X
CKM_BATON_SHUFFLE	X
CKM_BATON_WRAP						X
CKM_JUNIPER_KEY_GEN					X
CKM_JUNIPER_ECB128	X
CKM_JUNIPER_CBC128	X
CKM_JUNIPER_COUNTER	X
CKM_JUNIPER_SHUFFLE	X
CKM_JUNIPER_WRAP						X
CKM_MD2				X
CKM_MD2_HMAC_GENERAL		X
CKM_MD2_HMAC		X
CKM_MD2_KEY_DERIVATION							X
CKM_MD5				X
CKM_MD5_HMAC_GENERAL		X
CKM_MD5_HMAC		X
CKM_MD5_KEY_DERIVATION							X
CKM_SHA_1				X
CKM_SHA_1_HMAC_GENERAL		X
CKM_SHA_1_HMAC		X
CKM_SHA1_KEY_DERIVATION							X
CKM_RIPEMD128				X
CKM_RIPEMD128_HMAC_GENERAL		X
CKM_RIPEMD128_HMAC		X
CKM_RIPEMD160				X
CKM_RIPEMD160_HMAC_GENERAL		X
CKM_RIPEMD160_HMAC		X
CKM_FASTHASH				X
CKM_PBE_MD2_DES_CBC					X
CKM_PBE_MD5_DES_CBC					X
CKM_PBE_MD5_CAST_CBC					X
CKM_PBE_MD5_CAST3_CBC					X
CKM_PBE_MD5_CAST128_CBC ( CKM_PBE_MD5_CAST5_CBC)					X
CKM_PBE_SHA1_CAST128_CBC ( CKM_PBE_SHA1_CAST5_CBC)					X
CKM_PBE_SHA1_RC4_128					X
CKM_PBE_SHA1_RC4_40					X
CKM_PBE_SHA1_DES3_EDE_CBC					X
CKM_PBE_SHA1_DES2_EDE_CBC					X
CKM_PBE_SHA1_RC2_128_CBC					X
CKM_PBE_SHA1_RC2_40_CBC					X
CKM_PBA_SHA1_WITH_SHA1_HMAC					X
CKM_PKCS5_PBKD2					X
CKM_KEY_WRAP_SET_OAEP						X
CKM_KEY_WRAP_LYNKS						X
CKM_SSL3_PRE_MASTER_KEY_GEN					X
CKM_SSL3_MASTER_KEY_DERIVE							X
CKM_SSL3_KEY_AND_MAC_DERIVE							X
CKM_SSL3_MD5_MAC		X
CKM_SSL3_SHA1_MAC		X
CKM_CONCATENATE_BASE_AND_KEY							X
CKM_CONCATENATE_BASE_AND_DATA							X
CKM_CONCATENATE_DATA_AND_BASE							X
CKM_XOR_BASE_AND_DATA							X
CKM_EXTRACT_KEY_FROM_KEY							X

Mechanisms

Sections

Detailed Description