A mechanism specifies how a particular cryptographic process is to be performed.
The table below shows which Cryptoki mechanisms are supported by which cryptographic operations. It replaces the table at the beginning of chapter 12 “Mechanisms” of the PKCS#11 V2.20 standard.
XX: | The function(s) is/are supported. |
X: | Single-part operations are supported. |
Wrap and unwrap are only possible on secret keys.
Mechanisms | Functions | ||||||
Encrypt & Decrypt | Sign & Verify | Sign- / Verify- Recover | Digest | Generat e Key/ KeyPair | Wrap & Unwrap | Derive | |
CKM_RSA_PKCS_KEY_PAIR_GEN | xx | ||||||
CKM_RSA_9796 | x | x | x | xx | |||
CKM_RSA_PKCS | x | x | x | xx | |||
CKM_RSA_X_509 | x | x | x | xx | |||
CKM_MD2_RSA_PKCS | xx | ||||||
CKM_MD5_RSA_PKCS | xx | ||||||
CKM_SHA1_RSA_PKCS | xx | ||||||
CKM_SHA224_RSA_PKCS | xx | ||||||
CKM_SHA256_RSA_PKCS | xx | ||||||
CKM_SHA384_RSA_PKCS | xx | ||||||
CKM_SHA512_RSA_PKCS | xx | ||||||
CKM_RIPEMD160_RSA_PKCS | xx | ||||||
CKM_DSA_KEY_PAIR_GEN | xx | ||||||
CKM_DSA | x | ||||||
CKM_DSA_SHA1 | xx | ||||||
CKM_DH_PKCS_KEY_PAIR_GEN | xx | ||||||
CKM_DH_PKCS_DERIVE | xx | ||||||
CKM_RC2_KEY_GEN | xx | ||||||
CKM_RC2_ECB | xx | xx | |||||
CKM_RC2_CBC | xx | xx | |||||
CKM_RC2_CBC_PAD | xx | xx | |||||
CKM_RC2_MAC_GENERAL | xx | ||||||
CKM_RC2_MAC | xx | ||||||
CKM_RC4_KEY_GEN | xx | ||||||
CKM_RC4 | xx | ||||||
CKM_RC5_KEY_GEN | xx | ||||||
CKM_RC5_ECB | xx | xx | |||||
CKM_RC5_CBC | xx | xx | |||||
CKM_RC5_CBC_PAD | xx | xx | |||||
CKM_RC5_MAC_GENERAL | xx | ||||||
CKM_RC5_MAC | xx | ||||||
CKM_DES_KEY_GEN | xx | ||||||
CKM_DES_ECB | xx | xx | |||||
CKM_DES_CBC | xx | xx | |||||
CKM_DES_CBC_PAD | xx | xx | |||||
CKM_DES_MAC_GENERAL | xx | ||||||
CKM_DES_MAC | xx | ||||||
CKM_DES2_KEY_GEN | xx | ||||||
CKM_DES3_KEY_GEN | xx | ||||||
CKM_DES3_ECB | xx | xx | |||||
CKM_DES3_CBC | xx | xx | |||||
CKM_DES3_CBC_PAD | xx | xx | |||||
CKM_DES3_MAC_GENERAL | xx | ||||||
CKM_DES3_MAC | xx | ||||||
CKM_MD2 | xx | ||||||
CKM_MD2_HMAC_GENERAL | xx | ||||||
CKM_MD2_HMAC | xx | ||||||
CKM_MD5 | xx | ||||||
CKM_MD5_HMAC_GENERAL | xx | ||||||
CKM_MD5_HMAC | xx | ||||||
CKM_SHA_1 | xx | ||||||
CKM_SHA_1_HMAC_GENERAL | xx | ||||||
CKM_SHA_1_HMAC | xx | ||||||
CKM_SHA224 | xx | ||||||
CKM_SHA224_HMAC_GENERAL | xx | ||||||
CKM_SHA224_HMAC | xx | ||||||
CKM_SHA256 | xx | ||||||
CKM_SHA256_HMAC_GENERAL | xx | ||||||
CKM_SHA256_HMAC | xx | ||||||
CKM_SHA384 | xx | ||||||
CKM_SHA384_HMAC_GENERAL | xx | ||||||
CKM_SHA384_HMAC | xx | ||||||
CKM_SHA512 | xx | ||||||
CKM_SHA512_HMAC_GENERAL | xx | ||||||
CKM_SHA512_HMAC | xx | ||||||
CKM_RIPEMD160 | xx | ||||||
CKM_RIPEMD160_HMAC_GENERAL | xx | ||||||
CKM_RIPEMD160_HMAC | xx | ||||||
CKM_AES_KEY_GEN | xx | ||||||
CKM_AES_ECB | xx | xx | |||||
CKM_AES_CBC | xx | xx | |||||
CKM_AES_CBC_PAD | xx | xx | |||||
| CKM_AES_CTR | xx | xx | |||||
| CKM_AES_CCM | xx | xx | |||||
| CKM_AES_GCM | xx | xx | |||||
CKM_AES_MAC_GENERAL | xx | ||||||
CKM_AES_MAC | xx | ||||||