Supported Cryptography Classes

The implementation of security and cryptography in the simulator supports the use of the following classes:

  • javacardx.crypto.AEADCipher
  • javacardx.crypto.Cipher
  • javacard.security.Checksum
  • javacardx.security.derivation.DerivationFunction
  • javacardx.security.cert.CertificateParser
  • javacard.security.InitializedMessageDigest
  • javacard.security.KeyAgreement
  • javacard.security.KeyBuilder
  • javacard.security.KeyPair
  • javacard.security.MessageDigest
  • javacard.security.RandomData
  • javacard.security.Signature
  • javacard.security.SignatureMessageRecovery

Table A-1 lists, for each class, the cryptography algorithms that are implemented for the simulator.

AEADCipher

Supports ALG_AES_CCM and ALG_AES_GCM (supports only the 12-byte IV length, which is the value recommended by NIST).

Corresponding combinations (cipher algorithm, padding algorithm):
  • (CIPHER_AES_CCM, PAD_NULL)
  • (CIPHER_AES_GCM, PAD_NULL)
Checksum
  • ALG_ISO3309_CRC16 — ISO/IEC 3309-compliant 16-bit CRC algorithm. This algorithm uses the generator polynomial x^16+x^12+x^5+1. The default initial checksum value used by this algorithm is 0. This algorithm is also compliant with the frame-checking sequence specified in section 4.2.5.2 of the ISO/IEC 13239 specification.
  • ALG_ISO3309_CRC32 — ISO/IEC 3309-compliant 32-bit CRC algorithm. This algorithm uses the generator polynomial x^32+x^26+x^23+x^22+x^16+x^12+x^11+x^10+x^8+x^7+x^5+x^4+x^2+x+1. The default initial checksum value used by this algorithm is 0. This algorithm is also compliant with the frame-checking sequence specified in section 4.2.5.3 of the ISO/IEC 13239 specification.
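The two Checksum entries above name a generator polynomial and a default initial value, and separately claim compatibility with the ISO/IEC 13239 frame check sequence (FCS), which is computed LSB-first with an all-ones initial register and a final ones-complement. The following added example (not code from the simulator or the Java Card API) implements a generic bitwise CRC with both polynomials so that a reader can compute reference values off-card and compare them with `Checksum.doFinal()` output. The bit ordering the simulator applies to its "initial value 0" register, and whether the FCS form is obtained by passing an all-ones value to `Checksum.init()`, are assumptions for the reader to confirm against the simulator; the `123456789` check string is constructed test input, and the standard library's `binascii.crc_hqx` and `zlib.crc32` are used only to cross-check the two best-known parameterizations.

```python
# Added example (not simulator or Java Card API code): bitwise CRC-16 / CRC-32
# with the generator polynomials named in Table A-1, so that Checksum output
# from the simulator can be compared against a reference computed off-card.
import binascii
import zlib

# Generator polynomials from Table A-1 with the implicit leading term dropped.
CRC16_POLY = 0x1021       # x^16 + x^12 + x^5 + 1
CRC32_POLY = 0x04C11DB7   # x^32 + x^26 + x^23 + x^22 + x^16 + x^12 + x^11 + x^10
                          #      + x^8 + x^7 + x^5 + x^4 + x^2 + x + 1


def _reflect(value: int, width: int) -> int:
    """Reverse the bit order of `value` within `width` bits."""
    out = 0
    for i in range(width):
        if value & (1 << i):
            out |= 1 << (width - 1 - i)
    return out


def crc(data: bytes, width: int, poly: int, init: int = 0,
        reflected: bool = False, xor_out: int = 0) -> int:
    """Generic table-free CRC over `data`.

    init      - starting register value (the role Checksum.init() plays on-card)
    reflected - process bits LSB-first, as the ISO/IEC 13239 frame check
                sequence does; implemented by reflecting input bytes, the
                initial register and the output of the MSB-first loop, which
                is mathematically equivalent to the LSB-first algorithm
    xor_out   - final XOR mask (all ones for the ISO/IEC 13239 FCS form)
    """
    mask = (1 << width) - 1
    top = 1 << (width - 1)
    reg = (_reflect(init, width) if reflected else init) & mask
    for byte in data:
        if reflected:
            byte = _reflect(byte, 8)
        reg ^= byte << (width - 8)
        for _ in range(8):
            if reg & top:
                reg = ((reg << 1) ^ poly) & mask
            else:
                reg = (reg << 1) & mask
    if reflected:
        reg = _reflect(reg, width)
    return reg ^ xor_out


def crc16_plain(data: bytes, init: int = 0) -> int:
    """CRC-16 with the Table A-1 polynomial, MSB-first, initial value 0 by default.
    This is the literal reading of "default initial checksum value 0"; the bit
    ordering of the simulator's register is an assumption to confirm on-card."""
    return crc(data, 16, CRC16_POLY, init)


def crc16_iso13239_fcs(data: bytes) -> int:
    """ISO/IEC 13239 16-bit FCS: same polynomial, LSB-first, initial register
    and final XOR all ones (catalogued as CRC-16/X-25 or CRC-16/IBM-SDLC)."""
    return crc(data, 16, CRC16_POLY, 0xFFFF, True, 0xFFFF)


def crc32_plain(data: bytes, init: int = 0) -> int:
    """CRC-32 with the Table A-1 polynomial, MSB-first, initial value 0 by default."""
    return crc(data, 32, CRC32_POLY, init)


def crc32_iso13239_fcs(data: bytes) -> int:
    """ISO/IEC 13239 32-bit FCS: the same parameterization as the IEEE 802.3 /
    zlib CRC-32 (LSB-first, all-ones init, all-ones final XOR)."""
    return crc(data, 32, CRC32_POLY, 0xFFFFFFFF, True, 0xFFFFFFFF)


if __name__ == "__main__":
    check = b"123456789"   # conventional CRC check string (constructed input)
    print(f"crc16 (init 0, MSB-first): {crc16_plain(check):04x}")          # 31c3
    print(f"crc16 ISO 13239 FCS:       {crc16_iso13239_fcs(check):04x}")   # 906e
    print(f"crc32 (init 0, MSB-first): {crc32_plain(check):08x}")
    print(f"crc32 ISO 13239 FCS:       {crc32_iso13239_fcs(check):08x}")   # cbf43926
    # Cross-check against the standard library's implementations of the same CRCs.
    assert crc16_plain(check) == binascii.crc_hqx(check, 0)
    assert crc32_iso13239_fcs(check) == zlib.crc32(check)
```

If the simulator's `Checksum` output for a known input matches neither `crc16_plain` nor `crc16_iso13239_fcs`, the remaining variable is the value supplied to `Checksum.init()`; `crc16_plain(data, init)` accepts it directly.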
Cipher
  • ALG_DES_CBC_NOPAD — provides a cipher using DES in CBC mode without padding. This algorithm uses CBC mode for DES and 3DES.

    Corresponding combination (cipher algorithm, padding algorithm):

    • (CIPHER_DES_CBC, PAD_NOPAD)
  • ALG_DES_CBC_PKCS5 — provides a cipher using DES in CBC mode with PKCS5 padding.

    Corresponding combination (cipher algorithm, padding algorithm):

    • (CIPHER_DES_CBC, PAD_PKCS5)
  • ALG_DES_CBC_ISO9797_M1 — provides a cipher using DES in CBC mode. This algorithm uses CBC for DES and 3DES. Input data is padded according to the ISO 9797 method 1 scheme.

    Corresponding combination (cipher algorithm, padding algorithm):

    • (CIPHER_DES_CBC, PAD_ISO9797_M1)
  • ALG_DES_CBC_ISO9797_M2 — provides a cipher using DES in CBC mode. This algorithm uses CBC for DES and 3DES. Input data is padded according to the ISO 9797 method 2 (ISO 7816-4, EMV'96) scheme.

    Corresponding combination (cipher algorithm, padding algorithm):

    • (CIPHER_DES_CBC, PAD_ISO9797_M2)
  • ALG_DES_ECB_NOPAD — provides a cipher using DES in ECB mode without padding. This algorithm uses ECB mode for DES and 3DES.

    Corresponding combination (cipher algorithm, padding algorithm):

    • (CIPHER_DES_ECB, PAD_NOPAD)
  • ALG_DES_ECB_PKCS5 — provides a cipher using DES in ECB mode with PKCS5 padding. This algorithm uses ECB for DES and 3DES.

    Corresponding combination (cipher algorithm, padding algorithm):

    • (CIPHER_DES_ECB, PAD_PKCS5)
  • ALG_DES_ECB_ISO9797_M1 — provides a cipher using DES in ECB mode. This algorithm uses ECB for DES and 3DES. Input data is padded according to the ISO 9797 method 1.

    Corresponding combination (cipher algorithm, padding algorithm):

    • (CIPHER_DES_ECB, PAD_ISO9797_M1)
  • ALG_DES_ECB_ISO9797_M2 — provides a cipher using DES in ECB mode. This algorithm uses ECB for DES and 3DES. Input data is padded according to the ISO 9797 method 2 (ISO 7816-4, EMV'96) scheme.

    Corresponding combination (cipher algorithm, padding algorithm):

    • (CIPHER_DES_ECB, PAD_ISO9797_M2)
  • ALG_RSA_NOPAD — provides a cipher using RSA without padding.

    Corresponding combination (cipher algorithm, padding algorithm):

    • (CIPHER_RSA, PAD_NOPAD)
  • ALG_RSA_PKCS1_OAEP — provides a cipher using RSA using the Optimal Asymmetric Encryption Padding scheme (OAEP).

    Corresponding combinations (cipher algorithm, padding algorithm):

    • (CIPHER_RSA, PAD_PKCS1_OAEP)
    • (CIPHER_RSA, PAD_PKCS1_OAEP_SHA224)
    • (CIPHER_RSA, PAD_PKCS1_OAEP_SHA256)
    • (CIPHER_RSA, PAD_PKCS1_OAEP_SHA384)
    • (CIPHER_RSA, PAD_PKCS1_OAEP_SHA512)
    • (CIPHER_RSA, PAD_PKCS1_OAEP_EXT_PARAMETERS)

      Note:

      The last combination also permits the MGF1 digest algorithm to be customized (ALG_SHA or ALG_SHA_256).
  • ALG_RSA_PKCS1 — provides a cipher using RSA. Input data is padded according to the PKCS#1 (v1.5) scheme.

    Corresponding combination (cipher algorithm, padding algorithm):

    • (CIPHER_RSA, PAD_PKCS1)
  • ALG_AES_BLOCK_128_CBC_NOPAD — provides a cipher using AES with block size 128 in CBC mode and does not pad input data.

    Corresponding combination (cipher algorithm, padding algorithm):

    • (CIPHER_AES_CBC, PAD_NOPAD)
  • ALG_AES_BLOCK_128_ECB_NOPAD — provides a cipher using AES with block size 128 in ECB mode and does not pad input data.

    Corresponding combination (cipher algorithm, padding algorithm):

    • (CIPHER_AES_ECB, PAD_NOPAD)
  • ALG_AES_CBC_ISO9797_M1 — provides a cipher using AES with block size 128 in CBC mode. Input data is padded according to the ISO 9797 method 1 scheme.

    Corresponding combination (cipher algorithm, padding algorithm):

    • (CIPHER_AES_CBC, PAD_ISO9797_M1)
  • ALG_AES_CBC_ISO9797_M2 — provides a cipher using AES with block size 128 in CBC mode. Input data is padded according to the ISO 9797 method 2 (ISO 7816-4, EMV’96) scheme.

    Corresponding combination (cipher algorithm, padding algorithm):

    • (CIPHER_AES_CBC, PAD_ISO9797_M2)
  • ALG_AES_ECB_ISO9797_M1 — provides a cipher using AES with block size 128 in ECB mode. Input data is padded according to the ISO 9797 method 1 scheme.

    Corresponding combination (cipher algorithm, padding algorithm):

    • (CIPHER_AES_ECB, PAD_ISO9797_M1)
  • ALG_AES_ECB_ISO9797_M2 — provides a cipher using AES with block size 128 in ECB mode. Input data is padded according to the ISO 9797 method 2 (ISO 7816-4, EMV’96) scheme.

    Corresponding combination (cipher algorithm, padding algorithm):

    • (CIPHER_AES_ECB, PAD_ISO9797_M2)
  • ALG_AES_CBC_PKCS5 — provides a cipher using AES with block size 128 in CBC mode. Input data is padded according to the PKCS#5 scheme.

    Corresponding combination (cipher algorithm, padding algorithm):

    • (CIPHER_AES_CBC, PAD_PKCS5)
  • ALG_AES_ECB_PKCS5 — provides a cipher using AES with block size 128 in ECB mode. Input data is padded according to the PKCS#5 scheme.

    Corresponding combination (cipher algorithm, padding algorithm):

    • (CIPHER_AES_ECB, PAD_PKCS5)
  • ALG_AES_CTR — provides a cipher using AES in Counter Mode (CTR) as defined in RFC-3686.

    Corresponding combination (cipher algorithm, padding algorithm):

    • (CIPHER_AES_CTR, PAD_NULL)
  • ALG_AES_XTS — provides a cipher using AES in XEX Tweakable Block Cipher with Ciphertext Stealing (XTS) mode as defined in IEEE Std 1619. AES keys of 128-bit and 256-bit length are supported.

    Corresponding combination (cipher algorithm, padding algorithm):

    • (CIPHER_AES_XTS, PAD_NULL)
  • ALG_AES_CFB — provides a cipher using AES in Cipher Feedback (CFB) mode.

    Corresponding combination (cipher algorithm, padding algorithm):

    • (CIPHER_AES_CFB, PAD_NULL)
  • ALG_KOREAN_SEED_ECB_NOPAD and ALG_KOREAN_SEED_CBC_NOPAD — provide a cipher using Korean SEED in ECB or CBC mode, respectively, with a 128-bit Korean SEED key.

    Corresponding combinations (cipher algorithm, padding algorithm):

    • (CIPHER_KOREAN_SEED_CBC, PAD_NOPAD)
    • (CIPHER_KOREAN_SEED_ECB, PAD_NOPAD)
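Most of the DES and AES entries above differ only in the padding scheme applied before the block operation (PAD_ISO9797_M1, PAD_ISO9797_M2, PAD_PKCS5), and the same three schemes recur in the DES and AES MAC entries under Signature. The following added example (not simulator or Java Card API code) implements the three paddings and the two that can be removed, so that plaintext prepared off-card matches what the card will encrypt or MAC. It also makes explicit a property that matters when choosing between them: method 1 appends only zero bytes, possibly none, so two different messages can have the same padded form and the receiver needs the plaintext length from elsewhere. Block sizes are 8 for DES and 16 for AES; the sample messages are constructed.

```python
# Added example (not simulator or Java Card API code): the three block-cipher
# padding schemes that Table A-1 pairs with DES and AES ciphers and MACs.

def pad_iso9797_m1(data: bytes, block: int) -> bytes:
    """ISO/IEC 9797-1 method 1: append as few 0x00 bytes as needed, possibly none."""
    rem = len(data) % block
    return data if rem == 0 else data + b"\x00" * (block - rem)


def pad_iso9797_m2(data: bytes, block: int) -> bytes:
    """ISO/IEC 9797-1 method 2 (ISO 7816-4 / EMV): always append 0x80, then 0x00
    up to the block boundary; an aligned message therefore grows by a full block."""
    padded = data + b"\x80"
    rem = len(padded) % block
    return padded if rem == 0 else padded + b"\x00" * (block - rem)


def pad_pkcs5(data: bytes, block: int) -> bytes:
    """PKCS#5/#7: append n bytes each of value n, with 1 <= n <= block."""
    n = block - len(data) % block
    return data + bytes([n]) * n


def unpad_iso9797_m2(padded: bytes, block: int) -> bytes:
    """Strip method-2 padding; reject anything that is not 0x80 00..00 within one block."""
    if not padded or len(padded) % block:
        raise ValueError("padded data must be a non-empty multiple of the block size")
    idx = padded.rfind(b"\x80")
    if idx < 0 or len(padded) - idx > block or any(padded[idx + 1:]):
        raise ValueError("invalid ISO 9797-1 method 2 padding")
    return padded[:idx]


def unpad_pkcs5(padded: bytes, block: int) -> bytes:
    """Strip PKCS#5 padding, checking every pad byte rather than only the last one."""
    if not padded or len(padded) % block:
        raise ValueError("padded data must be a non-empty multiple of the block size")
    n = padded[-1]
    if not 1 <= n <= block or padded[-n:] != bytes([n]) * n:
        raise ValueError("invalid PKCS#5 padding")
    return padded[:-n]


def m1_is_ambiguous(a: bytes, b: bytes, block: int) -> bool:
    """True when two distinct messages share one method-1 padded form, i.e. when
    method 1 cannot be removed without an out-of-band plaintext length."""
    return a != b and pad_iso9797_m1(a, block) == pad_iso9797_m1(b, block)


if __name__ == "__main__":
    short = b"\x01\x02\x03"      # constructed: shorter than one DES block
    aligned = bytes(8)           # constructed: exactly one DES block
    for name, fn in (("M1", pad_iso9797_m1), ("M2", pad_iso9797_m2), ("PKCS5", pad_pkcs5)):
        print(f"{name:5s} short={fn(short, 8).hex()} aligned={fn(aligned, 8).hex()}")
    print("M1 ambiguous for 01 vs 01 00:", m1_is_ambiguous(b"\x01", b"\x01\x00", 8))
```

PAD_NOPAD is the fourth option in the table: it applies none of these and requires the caller to present block-aligned input, which is what `pad_iso9797_m1` produces when the message is already aligned.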
InitializedMessageDigest
Provides the functionality of MessageDigest with the additional ability to initialize the digest with a starting hash value corresponding to a previously hashed part of the message. Supported algorithms:
  • ALG_MD5
  • ALG_RIPEMD160
  • ALG_SHA
  • ALG_SHA_224
  • ALG_SHA_256
  • ALG_SHA_384
  • ALG_SHA_512
KeyAgreement

Supported algorithms:

  • ALG_DH_PLAIN — Diffie-Hellman (DH) secret value derivation primitive as per NIST Special Publication 800-56Ar2.
  • ALG_EC_PACE_GM — elliptic curve Generic Mapping according to TR03110 v2.
  • ALG_EC_SVDP_DH_KDF — elliptic curve secret value derivation primitive, Diffie-Hellman version, per [IEEE P1363].
  • ALG_EC_SVDP_DH_PLAIN_XY — elliptic curve secret value derivation primitive Diffie-Hellman version, as per [IEEE P1363].
  • ALG_EC_SVDP_DH_PLAIN — elliptic curve secret value derivation primitive, Diffie-Hellman version, per [IEEE P1363].
  • ALG_EC_SVDP_DHC_PLAIN — elliptic curve secret value derivation primitive, Diffie-Hellman version, with cofactor multiplication, and compatibility mode as per [IEEE P1363].
  • ALG_EC_SVDP_DHC_KDF — elliptic curve secret value derivation primitive, Diffie-Hellman version, with cofactor multiplication, and compatibility mode as per [IEEE P1363].
  • ALG_XDH — Elliptic Curve Diffie-Hellman key agreement protocol, using named curves X25519 or X448, as defined in RFC 7748.
KeyBuilder
Provides the functionality to create the following supported key types and key lengths:
  • 128-, 192- and 256-bit ALG_TYPE_AES (512-bit for AES-XTS only), with the following types:
    • TYPE_AES
    • TYPE_AES_TRANSIENT_RESET
    • TYPE_AES_TRANSIENT_DESELECT
  • 64-, 128- and 192-bit ALG_TYPE_DES, with the following types:
    • TYPE_DES
    • TYPE_DES_TRANSIENT_RESET
    • TYPE_DES_TRANSIENT_DESELECT
  • 112- to 521-bit ALG_TYPE_EC_FP_PARAMETERS, with the following type:
    • TYPE_EC_FP_PARAMETERS
  • 112- to 521-bit ALG_TYPE_EC_FP_PRIVATE, with the following types:
    • TYPE_EC_FP_PRIVATE
    • TYPE_EC_FP_PRIVATE_TRANSIENT_RESET
    • TYPE_EC_FP_PRIVATE_TRANSIENT_DESELECT
  • 112- to 521-bit ALG_TYPE_EC_FP_PUBLIC, with the following type:
    • TYPE_EC_FP_PUBLIC
  • 113- to 193-bit ALG_TYPE_EC_F2M_PARAMETERS, with the following type:
    • TYPE_EC_F2M_PARAMETERS
  • 113- to 193-bit ALG_TYPE_EC_F2M_PRIVATE, with the following types:
    • TYPE_EC_F2M_PRIVATE
    • TYPE_EC_F2M_PRIVATE_TRANSIENT_RESET
    • TYPE_EC_F2M_PRIVATE_TRANSIENT_DESELECT
  • 113- to 193-bit ALG_TYPE_EC_F2M_PUBLIC, with the following type:
    • TYPE_EC_F2M_PUBLIC
  • 512- to 4096-bit ALG_TYPE_RSA_PRIVATE, with the following types:
    • TYPE_RSA_PRIVATE
    • TYPE_RSA_PRIVATE_TRANSIENT_RESET
    • TYPE_RSA_PRIVATE_TRANSIENT_DESELECT
  • 512- to 4096-bit ALG_TYPE_RSA_PUBLIC, with the following type:
    • TYPE_RSA_PUBLIC
  • 512- to 4096-bit ALG_TYPE_RSA_CRT_PRIVATE, with the following types:
    • TYPE_RSA_CRT_PRIVATE
    • TYPE_RSA_CRT_PRIVATE_TRANSIENT_RESET
    • TYPE_RSA_CRT_PRIVATE_TRANSIENT_DESELECT
  • 8- to 512-bit ALG_TYPE_HMAC, with the following types:
    • TYPE_HMAC
    • TYPE_HMAC_TRANSIENT_RESET
    • TYPE_HMAC_TRANSIENT_DESELECT
  • 8- to 1024-bit ALG_TYPE_GENERIC_SECRET, with the following type:
    • TYPE_GENERIC_SECRET
  • 1024-bit and 2048-bit ALG_TYPE_DH_PARAMETERS, with the following type:
    • TYPE_DH_PARAMETERS
  • 1024-bit and 2048-bit ALG_TYPE_DH_PRIVATE, with the following types:
    • TYPE_DH_PRIVATE
    • TYPE_DH_PRIVATE_TRANSIENT_RESET
    • TYPE_DH_PRIVATE_TRANSIENT_DESELECT
  • 1024-bit and 2048-bit ALG_TYPE_DH_PUBLIC, with the following types:
    • TYPE_DH_PUBLIC
    • TYPE_DH_PUBLIC_TRANSIENT_RESET
    • TYPE_DH_PUBLIC_TRANSIENT_DESELECT
  • 1024-bit and 2048-bit ALG_TYPE_DSA_PARAMETERS, with the following type:
    • TYPE_DSA_PARAMETERS
  • 1024-bit and 2048-bit ALG_TYPE_DSA_PRIVATE, with the following types:
    • TYPE_DSA_PRIVATE
    • TYPE_DSA_PRIVATE_TRANSIENT_RESET
    • TYPE_DSA_PRIVATE_TRANSIENT_DESELECT
  • 1024-bit and 2048-bit ALG_TYPE_DSA_PUBLIC, with the following type:
    • TYPE_DSA_PUBLIC
  • 192- to 512-bit NamedParameterSpec.BRAINPOOLPXXXR1
  • 192- to 512-bit NamedParameterSpec.BRAINPOOLPXXXT1
  • 192- to 521-bit NamedParameterSpec.SECPXXXR1
  • NamedParameterSpec.ED25519 and NamedParameterSpec.ED448
  • NamedParameterSpec.X25519 and NamedParameterSpec.X448
  • 128-bit ALG_TYPE_KOREAN_SEED, with the following types:
    • TYPE_KOREAN_SEED
    • TYPE_KOREAN_SEED_TRANSIENT_RESET
    • TYPE_KOREAN_SEED_TRANSIENT_DESELECT
KeyPair
Provides the functionality to create and generate the following key pair types and lengths:
  • 112-, 128-, 160-, 192-, 224-, 256-, 384-, 521-bit ALG_EC_FP
  • 113-, 131-, 163-, 193-bit ALG_EC_F2M
  • 512-, 736-, 768-, 869-, 1024-, 1280-, 1536-, 2048-, 3072-, 4096-bit ALG_RSA and ALG_RSA_CRT
  • 1024-bit and 2048-bit ALG_DH
  • 1024-bit and 2048-bit ALG_DSA
  • 192-, 224-, 256-, 320-, 384-, 512-bit NamedParameterSpec.BRAINPOOLPXXXT1
  • 192-, 224-, 256-, 320-, 384-, 512-bit NamedParameterSpec.BRAINPOOLPXXXR1
  • 192-, 224-, 256-, 384-, 521-bit NamedParameterSpec.SECPXXXR1
  • NamedParameterSpec.ED25519 and NamedParameterSpec.ED448
  • NamedParameterSpec.X25519 and NamedParameterSpec.X448
MessageDigest
Message digest supported algorithms:
  • ALG_MD5
  • ALG_RIPEMD160
  • ALG_SHA
  • ALG_SHA_224
  • ALG_SHA_256
  • ALG_SHA_384
  • ALG_SHA_512
OwnerPINBuilder
Creates a new PIN instance of the requested type, maximum allowed PIN size and tries limit, and with the validated flag initially set to false. Supported type:
  • OWNER_PIN
RandomData
Supported random byte generation algorithms:
  • ALG_FAST
  • ALG_KEYGENERATION
  • ALG_PRESEEDED_DRBG
  • ALG_TRNG
  • ALG_PSEUDO_RANDOM (deprecated)
  • ALG_SECURE_RANDOM (deprecated)
Signature
  • ALG_DES_MAC8_NOPAD — generates an 8-byte MAC (most significant 8 bytes of encrypted block) using DES or 3DES in CBC mode with no padding applied.

    Corresponding combination (cipher algorithm, digest algorithm, padding algorithm):

    • (SIG_CIPHER_DES_MAC8, ALG_NULL, PAD_NOPAD)
  • ALG_DES_MAC8_ISO9797_M1 — generates an 8-byte MAC (most significant 8 bytes of encrypted block) using DES or 3DES in CBC mode. This algorithm uses CBC for DES and 3DES. Input data is padded according to the ISO 9797 method 1 (ISO 7816-4, EMV'96) scheme.

    Corresponding combination (cipher algorithm, digest algorithm, padding algorithm):

    • (SIG_CIPHER_DES_MAC8, ALG_NULL, PAD_ISO9797_M1)
  • ALG_DES_MAC8_ISO9797_M2 — generates an 8-byte MAC (most significant 8 bytes of encrypted block) using DES or 3DES in CBC mode. This algorithm uses CBC for DES and 3DES. Input data is padded according to the ISO 9797 method 2 (ISO 7816-4, EMV'96) scheme.

    Corresponding combination (cipher algorithm, digest algorithm, padding algorithm):

    • (SIG_CIPHER_DES_MAC8, ALG_NULL, PAD_ISO9797_M2)
  • ALG_DES_MAC8_ISO9797_1_M2_ALG3 — generates an 8-byte MAC using triple DES with 2 keys. The MAC is according to “MAC algorithm 3” of ISO 9797-1 with padding according to method 2 (see also EMV 3.0 and EMV 4.0).

    Corresponding combination (cipher algorithm, digest algorithm, padding algorithm):

    • (SIG_CIPHER_DES_MAC8, ALG_NULL, PAD_ISO9797_1_M2_ALG3)
  • ALG_DES_MAC8_PKCS5 — generates an 8-byte MAC (most significant 8 bytes of encrypted block) using DES or 3DES in CBC mode. This algorithm uses CBC for DES and 3DES. Input data is padded according to PKCS#5.

    Corresponding combination (cipher algorithm, digest algorithm, padding algorithm):

    • (SIG_CIPHER_DES_MAC8, ALG_NULL, PAD_PKCS5)
  • ALG_DSA_SHA — signs or verifies a message hashed with SHA-1, SHA-224 or SHA-256.

    Corresponding combinations (cipher algorithm, digest algorithm, padding algorithm):

    • (SIG_CIPHER_DSA, ALG_SHA, PAD_NULL)
    • (SIG_CIPHER_DSA, ALG_SHA_224, PAD_NULL)
    • (SIG_CIPHER_DSA, ALG_SHA_256, PAD_NULL)
  • ALG_RSA_MD5_PKCS1, ALG_RSA_RIPEMD160_PKCS1 — encrypts the MD5 or the RIPEMD160 message digest using RSA. The digest is padded according to the PKCS#1(v1.5) scheme.

    Corresponding combinations (cipher algorithm, digest algorithm, padding algorithm):

    • (SIG_CIPHER_RSA, ALG_MD5, PAD_PKCS1)
    • (SIG_CIPHER_RSA, ALG_RIPEMD160, PAD_PKCS1)
  • ALG_RSA_SHA_ISO9796 — provides a Signature using the RSA algorithm for signing or verifying a message. The message digest is padded according to the ISO 9796 scheme.

    Corresponding combination (cipher algorithm, digest algorithm, padding algorithm):

    • (SIG_CIPHER_RSA, ALG_SHA, PAD_ISO9796)
  • ALG_RSA_SHA_PKCS1, ALG_RSA_SHA_224_PKCS1, ALG_RSA_SHA_256_PKCS1, ALG_RSA_SHA_384_PKCS1, ALG_RSA_SHA_512_PKCS1 — provide a Signature using the RSA algorithm for signing or verifying a message. The message digest is padded according to the PKCS#1 (v1.5) scheme.

    Corresponding combinations (cipher algorithm, digest algorithm, padding algorithm):

    • (SIG_CIPHER_RSA, ALG_SHA, PAD_PKCS1)
    • (SIG_CIPHER_RSA, ALG_SHA_224, PAD_PKCS1)
    • (SIG_CIPHER_RSA, ALG_SHA_256, PAD_PKCS1)
    • (SIG_CIPHER_RSA, ALG_SHA_384, PAD_PKCS1)
    • (SIG_CIPHER_RSA, ALG_SHA_512, PAD_PKCS1)
  • ALG_RSA_SHA_PKCS1_PSS, ALG_RSA_SHA_224_PKCS1_PSS, ALG_RSA_SHA_256_PKCS1_PSS, ALG_RSA_SHA_384_PKCS1_PSS, ALG_RSA_SHA_512_PKCS1_PSS — provide a Signature using the Probabilistic Signature Scheme (PSS) for signing or verifying a message.

    Corresponding combinations (cipher algorithm, digest algorithm, padding algorithm):

    • (SIG_CIPHER_RSA, ALG_SHA, PAD_PKCS1_PSS)
    • (SIG_CIPHER_RSA, ALG_SHA_224, PAD_PKCS1_PSS)
    • (SIG_CIPHER_RSA, ALG_SHA_256, PAD_PKCS1_PSS)
    • (SIG_CIPHER_RSA, ALG_SHA_384, PAD_PKCS1_PSS)
    • (SIG_CIPHER_RSA, ALG_SHA_512, PAD_PKCS1_PSS)

    • (SIG_CIPHER_RSA, ALG_SHA, PAD_PKCS1_PSS_EXT_PARAMETERS)
    • (SIG_CIPHER_RSA, ALG_SHA_224, PAD_PKCS1_PSS_EXT_PARAMETERS)
    • (SIG_CIPHER_RSA, ALG_SHA_256, PAD_PKCS1_PSS_EXT_PARAMETERS)
    • (SIG_CIPHER_RSA, ALG_SHA_384, PAD_PKCS1_PSS_EXT_PARAMETERS)
    • (SIG_CIPHER_RSA, ALG_SHA_512, PAD_PKCS1_PSS_EXT_PARAMETERS)

      Note:

      The last five combinations also permit the mask generation function (MGF1) digest algorithm to be customized (ALG_SHA or ALG_SHA_256).
  • ALG_AES_MAC_128_NOPAD — generates a 16-byte MAC using AES with block size 128 in CBC mode and does not pad input data.

    Corresponding combination (cipher algorithm, digest algorithm, padding algorithm):

    • (SIG_CIPHER_AES_MAC128, ALG_NULL, PAD_NOPAD)
  • ALG_AES_CMAC_128 — generates a 16-byte cipher-based MAC (CMAC) using AES with block size 128 in CBC mode with ISO 9797 method 2 padding.

    Corresponding combination (cipher algorithm, digest algorithm, padding algorithm):

    • (SIG_CIPHER_AES_CMAC128, ALG_NULL, PAD_ISO9797_M2)
  • ALG_ECDSA_SHA, ALG_ECDSA_SHA_224, ALG_ECDSA_SHA_256, ALG_ECDSA_SHA_384, ALG_ECDSA_SHA_512 — provide a Signature using ECDSA for signing or verifying a message.

    Corresponding combinations with the signature encoded as an ASN.1 SEQUENCE (cipher algorithm, digest algorithm, padding algorithm):

    • (SIG_CIPHER_ECDSA, ALG_SHA, PAD_NULL)
    • (SIG_CIPHER_ECDSA, ALG_SHA_224, PAD_NULL)
    • (SIG_CIPHER_ECDSA, ALG_SHA_256, PAD_NULL)
    • (SIG_CIPHER_ECDSA, ALG_SHA_384, PAD_NULL)
    • (SIG_CIPHER_ECDSA, ALG_SHA_512, PAD_NULL)

    Corresponding combinations with the signature encoded as an octet string (cipher algorithm, digest algorithm, padding algorithm):

    • (SIG_CIPHER_ECDSA_PLAIN, ALG_SHA, PAD_NULL)
    • (SIG_CIPHER_ECDSA_PLAIN, ALG_SHA_224, PAD_NULL)
    • (SIG_CIPHER_ECDSA_PLAIN, ALG_SHA_256, PAD_NULL)
    • (SIG_CIPHER_ECDSA_PLAIN, ALG_SHA_384, PAD_NULL)
    • (SIG_CIPHER_ECDSA_PLAIN, ALG_SHA_512, PAD_NULL)
  • SIG_CIPHER_EDDSA, SIG_CIPHER_EDDSA_ED25519, SIG_CIPHER_EDDSA_ED448 — provide a Signature using Pure EdDSA for signing or verifying a message, for the two variants Ed25519 and Ed448 (without context). They are always combined with ALG_NULL as the digest algorithm and PAD_NULL as the padding algorithm.

    Corresponding combinations (cipher algorithm, digest algorithm, padding algorithm):

    • (SIG_CIPHER_EDDSA, ALG_NULL, PAD_NULL)
    • (SIG_CIPHER_EDDSA_ED25519, ALG_NULL, PAD_NULL)
    • (SIG_CIPHER_EDDSA_ED448, ALG_NULL, PAD_NULL)
  • ALG_HMAC_SHA1 and ALG_HMAC_SHA_256 — generate an HMAC following RFC 2104, with SHA-1 and SHA-256, respectively, as the hash function.

    Corresponding combinations (cipher algorithm, digest algorithm, padding algorithm):

    • (SIG_CIPHER_HMAC, ALG_SHA, PAD_NULL)
    • (SIG_CIPHER_HMAC, ALG_SHA_256, PAD_NULL)
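The ECDSA entry above exposes the same signature in two encodings: SIG_CIPHER_ECDSA returns an ASN.1 DER SEQUENCE of two INTEGERs, SIG_CIPHER_ECDSA_PLAIN returns the octet string r || s with each value zero-padded to the curve's field size. A host that verifies card signatures, or compares the simulator's output with another implementation, has to convert between them, and the conversion is where subtle errors live: DER INTEGERs drop leading zero bytes, gain a 0x00 byte when the top bit is set, and for 521-bit curves the SEQUENCE length needs the long form. The following added example (not simulator or Java Card API code) converts in both directions and rejects malformed DER (non-minimal integers, negative values, trailing bytes). `field_len` is the field size in bytes (32 for a 256-bit curve, 66 for a 521-bit one); the sample signatures are constructed values, not real signatures.

```python
# Added example (not simulator or Java Card API code): converting an ECDSA
# signature between the two encodings Table A-1 lists, the ASN.1 DER
# SEQUENCE { INTEGER r, INTEGER s } produced by SIG_CIPHER_ECDSA and the
# fixed-width octet string r || s produced by SIG_CIPHER_ECDSA_PLAIN.

def _der_length(n: int) -> bytes:
    """DER length octets: short form below 128, long form (0x80|N, then N bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_uint(value: bytes) -> bytes:
    """Minimal DER INTEGER for a non-negative big-endian value: strip leading
    zeros, then prepend one 0x00 if the top bit is set so the value stays positive."""
    v = value.lstrip(b"\x00") or b"\x00"
    if v[0] & 0x80:
        v = b"\x00" + v
    return b"\x02" + _der_length(len(v)) + v


def plain_to_der(sig: bytes, field_len: int) -> bytes:
    """r || s (exactly 2 * field_len bytes) -> SEQUENCE { INTEGER r, INTEGER s }."""
    if len(sig) != 2 * field_len:
        raise ValueError("plain signature must be exactly 2 * field_len bytes")
    body = _der_uint(sig[:field_len]) + _der_uint(sig[field_len:])
    return b"\x30" + _der_length(len(body)) + body


def _read_tlv(buf: bytes, off: int, tag: int) -> tuple:
    """Read one TLV with the expected tag; return (value, offset after it)."""
    if off >= len(buf) or buf[off] != tag:
        raise ValueError(f"expected tag 0x{tag:02x} at offset {off}")
    off += 1
    if off >= len(buf):
        raise ValueError("truncated length")
    length = buf[off]
    off += 1
    if length & 0x80:
        n = length & 0x7F
        if n == 0 or n > 2 or off + n > len(buf):
            raise ValueError("unsupported or truncated long-form length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
        if length < (0x80 if n == 1 else 0x100):
            raise ValueError("non-minimal length encoding")
    if off + length > len(buf):
        raise ValueError("truncated value")
    return buf[off:off + length], off + length


def _uint_from_der(v: bytes, field_len: int) -> bytes:
    """Check a DER INTEGER body is minimal and non-negative; left-pad to field_len."""
    if not v:
        raise ValueError("empty INTEGER")
    if v[0] & 0x80:
        raise ValueError("negative INTEGER is not a valid r or s")
    if len(v) > 1 and v[0] == 0 and not (v[1] & 0x80):
        raise ValueError("non-minimal INTEGER encoding")
    v = v.lstrip(b"\x00")
    if len(v) > field_len:
        raise ValueError("INTEGER does not fit the curve field")
    return v.rjust(field_len, b"\x00")


def der_to_plain(der: bytes, field_len: int) -> bytes:
    """SEQUENCE { INTEGER r, INTEGER s } -> r || s, rejecting trailing bytes."""
    body, end = _read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes after SEQUENCE")
    r, off = _read_tlv(body, 0, 0x02)
    s, off = _read_tlv(body, off, 0x02)
    if off != len(body):
        raise ValueError("unexpected content after s")
    return _uint_from_der(r, field_len) + _uint_from_der(s, field_len)


if __name__ == "__main__":
    # Constructed sample with a 4-byte "field" so the encoding stays readable:
    # r has its top bit set (gains a 0x00), s has leading zeros (loses them).
    plain = bytes.fromhex("80000001" "00000102")
    der = plain_to_der(plain, 4)
    print("DER  :", der.hex())                      # 300b0205008000000102020102
    print("plain:", der_to_plain(der, 4).hex())     # 8000000100000102
```

The strict checks in `der_to_plain` matter for verification code: accepting non-minimal or trailing-byte variants of a DER signature means several byte strings verify for one (r, s) pair, which breaks any protocol that relies on signatures being unique.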
SignatureMessageRecovery
  • ALG_RSA_SHA_ISO9796_MR — RSA signature with message recovery according to ISO 9796 scheme 1, trailer field option 1, using SHA-1. During signing, the first part of the input message is used as padding bytes; during verification, these message bytes (the recoverable message) can be recovered to reconstruct the message.

    Corresponding combinations (cipher algorithm, digest algorithm, padding algorithm):

    • (SIG_CIPHER_RSA, ALG_SHA, PAD_ISO9796_MR)
    • (SIG_CIPHER_RSA, ALG_SHA, PAD_ISO9796_MR_SCHEME_1_OPT_2)
DerivationFunction
  • ALG_HKDF_EXPAND_LABEL_TLS13 — implements the HKDF-Expand-Label function for both TLS 1.3 (RFC 8446) and DTLS 1.3 (RFC 9147).
  • ALG_KDF_HKDF — implements the HKDF key derivation function defined in IETF RFC 5869 with HMAC-SHA-1 or HMAC-SHA-256.
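The two DerivationFunction entries build on the HMAC algorithms listed under Signature: ALG_KDF_HKDF is the RFC 5869 Extract-then-Expand construction, and ALG_HKDF_EXPAND_LABEL_TLS13 is the TLS 1.3 wrapper that feeds a structured HkdfLabel (length, "tls13 "-prefixed label, context hash) into HKDF-Expand; DTLS 1.3 differs only in the label prefix. The following added example (not simulator or Java Card API code) implements both on the standard library's HMAC so that a derivation done on-card can be reproduced and checked. The test vectors are the published ones from RFC 5869 (test case 1) and the RFC 8448 TLS 1.3 trace (the early secret and the "derived" secret); the hash name and the `dtls` flag are parameters of this example, not API names.

```python
# Added example (not simulator or Java Card API code): HKDF per RFC 5869
# (ALG_KDF_HKDF) and HKDF-Expand-Label per RFC 8446 / RFC 9147
# (ALG_HKDF_EXPAND_LABEL_TLS13), built on the standard library's HMAC.
import hashlib
import hmac


def hkdf_extract(salt: bytes, ikm: bytes, hash_name: str = "sha256") -> bytes:
    """HKDF-Extract: PRK = HMAC(salt, IKM); an empty salt means HashLen zero bytes."""
    if not salt:
        salt = b"\x00" * hashlib.new(hash_name).digest_size
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """HKDF-Expand: T(i) = HMAC(PRK, T(i-1) || info || i), concatenated and truncated."""
    hash_len = hashlib.new(hash_name).digest_size
    if not 0 <= length <= 255 * hash_len:
        raise ValueError("length must be at most 255 * HashLen")
    okm, t, counter = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), hash_name).digest()
        okm += t
        counter += 1
    return okm[:length]


def hkdf(salt: bytes, ikm: bytes, info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """Extract-then-Expand, the full RFC 5869 KDF (SHA-1 or SHA-256 per Table A-1)."""
    return hkdf_expand(hkdf_extract(salt, ikm, hash_name), info, length, hash_name)


def hkdf_label_bytes(label: bytes, context: bytes, length: int, dtls: bool = False) -> bytes:
    """Serialize the RFC 8446 section 7.1 HkdfLabel structure:
    uint16 length; opaque label<7..255> = "tls13 " + Label; opaque context<0..255>.
    RFC 9147 replaces the prefix with "dtls13" (same length, no trailing space)."""
    full_label = (b"dtls13" if dtls else b"tls13 ") + label
    if not 7 <= len(full_label) <= 255 or len(context) > 255 or not 0 <= length <= 0xFFFF:
        raise ValueError("HkdfLabel field out of range")
    return (length.to_bytes(2, "big")
            + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int,
                      hash_name: str = "sha256", dtls: bool = False) -> bytes:
    """HKDF-Expand-Label(Secret, Label, Context, Length) = HKDF-Expand(Secret, HkdfLabel, Length)."""
    return hkdf_expand(secret, hkdf_label_bytes(label, context, length, dtls), length, hash_name)


def tls13_derived_secret(hash_name: str = "sha256") -> bytes:
    """First two steps of the TLS 1.3 key schedule with no PSK: Early Secret =
    HKDF-Extract(0, 0...0) and Derived = Expand-Label(Early, "derived", Hash(""))."""
    hash_len = hashlib.new(hash_name).digest_size
    early = hkdf_extract(b"", b"\x00" * hash_len, hash_name)
    empty_hash = hashlib.new(hash_name, b"").digest()
    return hkdf_expand_label(early, b"derived", empty_hash, hash_len, hash_name)


if __name__ == "__main__":
    # RFC 5869 appendix A.1 inputs (published test vector, not constructed).
    ikm = b"\x0b" * 22
    salt = bytes.fromhex("000102030405060708090a0b0c")
    info = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9")
    print("PRK :", hkdf_extract(salt, ikm).hex())
    print("OKM :", hkdf(salt, ikm, info, 42).hex())
    print("TLS 1.3 derived secret:", tls13_derived_secret().hex())
```

`hkdf_label_bytes` is exposed separately because the label encoding, not the HMAC arithmetic, is where implementations usually diverge: the prefix, the one-byte length fields and the context hash all have to match the peer byte for byte.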
CertificateParser
  • TYPE_X509_DER — parser for X.509 v1, v2, and v3 DER-encoded certificates (see RFC 5280).
  • ALG_RSA_SHA_PKCS1 — the supported certificate signature algorithm.
Cipher.OneShot

Specialization of the Cipher class intended to support efficient one-shot ciphering and deciphering operations that may avoid persistent memory writes entirely.

Corresponding combinations (cipher algorithm, padding algorithm):
  • (CIPHER_KOREAN_SEED_CBC, PAD_NOPAD)
  • (CIPHER_KOREAN_SEED_ECB, PAD_NOPAD)

  • (CIPHER_DES_CBC, PAD_NOPAD)
  • (CIPHER_DES_CBC, PAD_ISO9797_M1)
  • (CIPHER_DES_CBC, PAD_ISO9797_M2)
  • (CIPHER_DES_CBC, PAD_PKCS5)

  • (CIPHER_DES_ECB, PAD_NOPAD)
  • (CIPHER_DES_ECB, PAD_ISO9797_M1)
  • (CIPHER_DES_ECB, PAD_ISO9797_M2)
  • (CIPHER_DES_ECB, PAD_PKCS5)

  • (CIPHER_AES_CBC, PAD_NOPAD)
  • (CIPHER_AES_CBC, PAD_ISO9797_M1)
  • (CIPHER_AES_CBC, PAD_ISO9797_M2)
  • (CIPHER_AES_CBC, PAD_PKCS5)

  • (CIPHER_AES_ECB, PAD_NOPAD)
  • (CIPHER_AES_ECB, PAD_ISO9797_M1)
  • (CIPHER_AES_ECB, PAD_ISO9797_M2)
  • (CIPHER_AES_ECB, PAD_PKCS5)

  • (CIPHER_AES_XTS, PAD_NULL)

  • (CIPHER_AES_CFB, PAD_NULL)

  • (CIPHER_AES_CTR, PAD_NULL)

  • (CIPHER_RSA, PAD_NOPAD)
  • (CIPHER_RSA, PAD_PKCS1)
  • (CIPHER_RSA, PAD_PKCS1_OAEP)
  • (CIPHER_RSA, PAD_PKCS1_OAEP_SHA224)
  • (CIPHER_RSA, PAD_PKCS1_OAEP_SHA256)
  • (CIPHER_RSA, PAD_PKCS1_OAEP_SHA384)
  • (CIPHER_RSA, PAD_PKCS1_OAEP_SHA512)
  • (CIPHER_RSA, PAD_PKCS1_OAEP_EXT_PARAMETERS)
Signature.OneShot

Specialization of the Signature class intended to support efficient one-shot signing and verification operations that may avoid persistent memory writes entirely.

Corresponding combinations (cipher algorithm, digest algorithm, padding algorithm):
  • (SIG_CIPHER_DSA, ALG_SHA, PAD_NULL)
  • (SIG_CIPHER_DSA, ALG_SHA_224, PAD_NULL)
  • (SIG_CIPHER_DSA, ALG_SHA_256, PAD_NULL)

  • (SIG_CIPHER_ECDSA, ALG_SHA, PAD_NULL)
  • (SIG_CIPHER_ECDSA, ALG_SHA_224, PAD_NULL)
  • (SIG_CIPHER_ECDSA, ALG_SHA_256, PAD_NULL)
  • (SIG_CIPHER_ECDSA, ALG_SHA_384, PAD_NULL)
  • (SIG_CIPHER_ECDSA, ALG_SHA_512, PAD_NULL)

  • (SIG_CIPHER_ECDSA_PLAIN, ALG_SHA, PAD_NULL)
  • (SIG_CIPHER_ECDSA_PLAIN, ALG_SHA_224, PAD_NULL)
  • (SIG_CIPHER_ECDSA_PLAIN, ALG_SHA_256, PAD_NULL)
  • (SIG_CIPHER_ECDSA_PLAIN, ALG_SHA_384, PAD_NULL)
  • (SIG_CIPHER_ECDSA_PLAIN, ALG_SHA_512, PAD_NULL)

  • (SIG_CIPHER_EDDSA, ALG_NULL, PAD_NULL)
  • (SIG_CIPHER_EDDSA_ED25519, ALG_NULL, PAD_NULL)
  • (SIG_CIPHER_EDDSA_ED448, ALG_NULL, PAD_NULL)

  • (SIG_CIPHER_HMAC, ALG_SHA, PAD_NULL)
  • (SIG_CIPHER_HMAC, ALG_SHA_256, PAD_NULL)

  • (SIG_CIPHER_AES_MAC128, ALG_NULL, PAD_NOPAD)

  • (SIG_CIPHER_AES_CMAC128, ALG_NULL, PAD_ISO9797_M2)

  • (SIG_CIPHER_DES_MAC8, ALG_NULL, PAD_NOPAD)
  • (SIG_CIPHER_DES_MAC8, ALG_NULL, PAD_ISO9797_M1)
  • (SIG_CIPHER_DES_MAC8, ALG_NULL, PAD_ISO9797_M2)
  • (SIG_CIPHER_DES_MAC8, ALG_NULL, PAD_ISO9797_1_M2_ALG3)
  • (SIG_CIPHER_DES_MAC8, ALG_NULL, PAD_PKCS5)

  • (SIG_CIPHER_RSA, ALG_SHA, PAD_ISO9796)
  • (SIG_CIPHER_RSA, ALG_SHA, PAD_ISO9796_MR)
  • (SIG_CIPHER_RSA, ALG_SHA, PAD_ISO9796_MR_SCHEME_1_OPT_2)

  • (SIG_CIPHER_RSA, ALG_RIPEMD160, PAD_PKCS1)
  • (SIG_CIPHER_RSA, ALG_MD5, PAD_PKCS1)
  • (SIG_CIPHER_RSA, ALG_SHA, PAD_PKCS1)
  • (SIG_CIPHER_RSA, ALG_SHA_224, PAD_PKCS1)
  • (SIG_CIPHER_RSA, ALG_SHA_256, PAD_PKCS1)
  • (SIG_CIPHER_RSA, ALG_SHA_384, PAD_PKCS1)
  • (SIG_CIPHER_RSA, ALG_SHA_512, PAD_PKCS1)

  • (SIG_CIPHER_RSA, ALG_SHA, PAD_PKCS1_PSS)
  • (SIG_CIPHER_RSA, ALG_SHA_224, PAD_PKCS1_PSS)
  • (SIG_CIPHER_RSA, ALG_SHA_256, PAD_PKCS1_PSS)
  • (SIG_CIPHER_RSA, ALG_SHA_384, PAD_PKCS1_PSS)
  • (SIG_CIPHER_RSA, ALG_SHA_512, PAD_PKCS1_PSS)

  • (SIG_CIPHER_RSA, ALG_SHA, PAD_PKCS1_PSS_EXT_PARAMETERS)
  • (SIG_CIPHER_RSA, ALG_SHA_224, PAD_PKCS1_PSS_EXT_PARAMETERS)
  • (SIG_CIPHER_RSA, ALG_SHA_256, PAD_PKCS1_PSS_EXT_PARAMETERS)
  • (SIG_CIPHER_RSA, ALG_SHA_384, PAD_PKCS1_PSS_EXT_PARAMETERS)
  • (SIG_CIPHER_RSA, ALG_SHA_512, PAD_PKCS1_PSS_EXT_PARAMETERS)
RandomData.OneShot
Specialization of the RandomData class intended to support efficient one-shot random data generation operations that may avoid persistent memory writes entirely. Supported types:
  • ALG_FAST
  • ALG_KEYGENERATION
  • ALG_PRESEEDED_DRBG
  • ALG_TRNG
  • ALG_PSEUDO_RANDOM (deprecated)
  • ALG_SECURE_RANDOM (deprecated)
MessageDigest.OneShot

Specialization of the MessageDigest class intended to support efficient one-shot hash operations that may avoid persistent memory writes entirely. Supported types:

  • ALG_MD5
  • ALG_RIPEMD160
  • ALG_SHA
  • ALG_SHA_224
  • ALG_SHA_256
  • ALG_SHA_384
  • ALG_SHA_512
InitializedMessageDigest.OneShot
Specialization of the InitializedMessageDigest class intended to support efficient one-shot hash operations that may avoid persistent memory writes entirely. Supported types:
  • ALG_MD5
  • ALG_RIPEMD160
  • ALG_SHA
  • ALG_SHA_224
  • ALG_SHA_256
  • ALG_SHA_384
  • ALG_SHA_512
DerivationFunction.OneShot
Specialization of the DerivationFunction class intended to support efficient one-shot derivation-function operations that may avoid persistent memory writes entirely. Supported types:
  • ALG_KDF_HKDF
  • ALG_HKDF_EXPAND_LABEL_TLS13