Overview of Using Cryptography Extensions

A selection of Security and Cryptography classes is supported by the simulator. This support enables you to:

  • Generate message digests using MD5, RIPEMD160, SHA1 and SHA2 algorithms

  • Generate cryptographic keys on Java Card technology-compliant smart cards for use in the ECC, DSA and RSA algorithms

  • Set cryptographic keys on Java Card technology-compliant smart cards for use in the AES, DES, 3DES, HMAC, ECC, DSA, and RSA algorithms

  • Encrypt and decrypt data with the keys using the AES, DES, 3DES, and RSA algorithms

  • Encrypt and decrypt data and associated data with AES keys using AEAD algorithms

  • Generate and verify signatures using MAC, CMAC, HMAC, DSA, ECDSA, and RSA algorithms

  • Generate and verify signatures with message recovery using the RSA algorithm

  • Generate sequences of random bytes

  • Perform key agreement with the ECC algorithm

  • Generate checksums with CRC algorithms

  • Support padding schemes for signatures and cipher operations

  • Generate derived data using KDF in Counter mode and HKDF for TLSv1.2, TLSv1.3 and DTLSv1.3 algorithms

    Note:

    DES is also known as single-key DES. 3DES is also known as triple-DES.

Refer to the following publications for more information on the cryptographic algorithms and schemes:

  • For SHA1 — "Secure Hash Standard", FIPS Publication 180-1: https://www.nist.gov/itl

  • For DES — "Data Encryption Standard (DES)", FIPS Publication 46-2 and "DES Modes of Operation", FIPS Publication 81: http://csrc.nist.gov

  • For RSA — "RSASSA-PSS (Probabilistic Signature Scheme padding. Signature Scheme)": PKCS#1-PSS scheme (IEEE 1363-2000), PKCS#1-OAEP scheme (IEEE 1363-2000)

  • For RSA — "RSA-OAEP (Optimal Asymmetric Encryption Padding) Encryption Scheme"

  • For RSA - Signature with message recovery: ISO/IEC 9796-2

  • For AES — "Advanced Encryption Standard (AES)", FIPS Publication 197: https://www.nist.gov/itl

  • For ECDSA — "Digital Signature Standard (DSS)", FIPS PUB 186-2: https://csrc.nist.gov

  • For ECB, CBC, CFB — "Recommendation for Block Cipher Modes of Operations", NIST SP 800-38A: https://csrc.nist.gov/pubs/sp/800/38/a/final

  • For AES-XTS — "IEEE Standard for Cryptographic Protection of Data on Block-Oriented Storage Device", IEEE Std 1619-2018: https://standards.ieee.org

  • For ISO-9797 padding methods — "Information technology – Security techniques – Message Authentication Codes (MACs) Part 1: Mechanics, using a block cipher", ISO/IEC-9797-1:2011: https://www.iso.org

  • For PKCS#5 padding — "PKCS#5: Password-Based Cryptography Specification Version 2.0": https://datatracker.ietf.org/doc/html/rfc2898

  • For Checksum — "Information technology—Telecommunications and information exchange between systems—High-level data link control (HDLC) procedures", ISO/IEC-13239:2002 (replaces ISO-3309): https://www.iso.org

  • For SHA224, SHA256, SHA384 and SHA512: "Secure Hash Standard", FIPS Publication 180-2: https://www.nist.gov/itl

  • For RIPEMD-160 — "Information technology – Hash functions – Part 3: Dedicated hash functions" ISO/IEC 10118-3:2018: https://www.iso.org

  • For HMAC with SHA1 or SHA256 — "Keyed-Hashing for Message Authentication", RFC-2104

  • For HKDF-Expand-Label of TLSv1.3: IETF RFC 8446 and DTLSv1.3: IETF RFC 9147

  • For DSA: "Digital Signature Algorithm", Standard, NIST FIPS 186