Overview of Using Cryptography Extensions
A selection of Security and Cryptography classes are supported by the simulator. The support for security and cryptography enables you to:
-
Generate message digests using
MD5
,RIPEMD160
,SHA1
andSHA2
algorithms -
Generate cryptographic keys on Java Card technology-compliant smart cards for use in the
ECC
,DSA
andRSA
algorithms -
Set cryptographic keys on Java Card technology-compliant smart cards for use in the
AES
,DES
,3DES
,HMAC
,ECC
,DSA
, andRSA
algorithms -
Encrypt and decrypt data with the keys using the
AES
,DES
,3DES
, andRSA
algorithms - Encrypt and decrypt data and associated data with
AES
keys usingAEAD
algorithms -
Generate and verify signatures using
MAC
,CMAC
,HMAC
,DSA
,ECDSA
, andRSA
algorithms. - Generate and verify signatures with message recovery using
RSA
algorithm -
Generate sequences of random bytes
- Perform key-agreement with
ECC
algorithm -
Generate checksums with
CRC
algorithms - Support padding schemes for signatures and cipher operations
-
Generate derived data using
KDF
in Counter mode andHKDF
forTLSv1.2
,TLSv1.3
andDTLSv1.3
algorithmsNote:
DES
is also known as single-keyDES
.3DES
is also known as triple-DES
.
Refer to the following publications, for more information on the cryptographic algorithms and schemes:
-
For
SHA1
— "Secure Hash Standard", FIPS Publication 180-1: https://www.nist.gov/itl -
For
DES
— "Data Encryption Standard (DES)", FIPS Publication 46-2 and "DES Modes of Operation", FIPS Publication 81: http://csrc.nist.gov -
For
RSA
— "RSASSA-PSS (Probabilistic Signature Scheme padding. Signature Scheme)": PKCS#1-PSS scheme (IEEE 1363-2000), PKCS#1-OAEP scheme (IEEE 1363-2000) -
For
RSA
— "RSA-OAEP (Optimal Asymmetric Encryption Padding) Encryption Scheme" -
For
RSA
- Signature with message recovery: ISO/IEC 9796-2 -
For
AES
— "Advanced Encryption Standard (AES)" FIPs Publication 197: https://www.nist.gov/itl -
For ECDSA —"Digital Signature Standard (DSS)” FIPS PUB 186-2: https://csrc.nist.gov
-
For ECB, CBC, CFB — "Recommendation for Block Cipher Modes of Operations " NIST SP 800-38A: https://csrc.nist.gov/pubs/sp/800/38/a/final
-
For AES-XTS — "IEEE Standard for Cryptographic Protection of Data on Block-Oriented " Storage Device” IEEE Std 1619-2018 https://standards.ieee.org
-
For ISO-9797 padding methods — "Information technology – Security techniques – Message Authentication Codes (MACs) Part 1: Mechanics, using a block cipher” ISO(IEC-9797-1:2011: https://www.iso.org
-
For PKCS#5 padding — "PKCS#5: Password-Based Cryptography Specification Version 2.0” https://datatracker.ietf.org/doc/html/rfc2898
-
For Checksum — "Informationtechnology—Telecommunications and information exchange between systems—High-level data link control (HDLC) procedures" ISO/IEC-13239:2002 (replaces ISO-3309): https://www.iso.org
-
For
SHA224
,SHA256
,SHA384
andSHA521
— "Secure Hash Standard", FIPS Publication 180-2: https://www.nist.gov/itl -
For RIPEMD-160 — "Information technology – Hash functions – Part 3: Dedicated hash functions" ISO/IEC 10118-3:2018: https://www.iso.org
-
For HMAC with SHA1 or SHA256 — "Keyed-HashingforMessageAuthentication", RFC-2104
-
For
HKDF
— Expand-Label ofTLSv1.3
: IETF RFC 8446 andDTLS1.3
: IETF RFC 9147 -
For
DSA
— "Digital Signature Algorithm", Standard, NIST FIPS 186.