PKCS#11 – Supported Mechanism – Function Table
The following table shows which combinations of functions and mechanisms are supported by PKCS#11 library. An “x” mark indicates that the PKCS#11 library supports the mechanism for the function.
| Mechanism | Generate Key | Public/ Private Key Pair Generation | Encrypt/ Encrypt Message | Decrypt/ Decrypt Message | Encrypt/ Encrypt Message (Single- part only) | Decrypt/ Decrypt Message (Single- part only) | Sign/ Sign Message | Verify/ Verify Message | Sign (Single- part only) | Verify (Single- part only) | Digest | Derive Key | Unwrap Key | Wrap Key | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CKM_AES_CBC | X | X | using AES [FIPS 197] with 128-bit or 256-bit key sizes | ||||||||||||
| CKM_AES_CBC_PAD | X | X | using AES [FIPS 197] with 128-bit or 256-bit key sizes | ||||||||||||
| CKM_AES_CTR | X | X | using AES [FIPS 197] with 128-bit or 256-bit key sizes | ||||||||||||
| CKM_AES_GCM | X | X | X | X | using AES [FIPS 197] with 128-bit or 256-bit key sizes | ||||||||||
| CKM_AES_CMAC | X | X | X | using AES [FIPS 197] with 128-bit or 256-bit key sizes | |||||||||||
| CKM_AES_GMAC | X | X | |||||||||||||
| CKM_SHA256_HMAC | X | ||||||||||||||
| CKM_NVIDIA_SP800_56C_TWO_STEPS_KDF | X | Custom mechanism intended for camera use | |||||||||||||
| CKM_SHA256 | X | ||||||||||||||
| CKM_SHA384 | X | ||||||||||||||
| CKM_SHA512 | X | ||||||||||||||
| CKM_SHA3_256 | X | ||||||||||||||
| CKM_SHA3_384 | X | ||||||||||||||
| CKM_SHA3_512 | X | ||||||||||||||
| CKM_AES_KEY_WRAP | X | X | For use with MACSEC | ||||||||||||
| CKM_NVIDIA_AES_CBC_KEY_DATA_WRAP | X | Custom mechanism intended for camera use | |||||||||||||
| CKM_AES_KEY_GEN | X | returning 128-bit or 256-bit key sizes | |||||||||||||
| CKM_GENERIC_SECRET_KEY_GEN | X | returning 128-bit or 256-bit key sizes | |||||||||||||
| CKM_EC_EDWARDS_KEY_PAIR_GEN | X | generate EC public/private key pairs over the curve Ed25519 | |||||||||||||
| CKM_EC_MONTGOMERY_KEY_PAIR_GEN | X | generate EC public/private key pairs over the curve 25519 | |||||||||||||
| CKM_EC_KEY_PAIR_GEN | X | generate EC public/private key pairs over the curve secp256r1 FIPS 186-4 Appendix B.4.2 | |||||||||||||
| CKM_SP800_108_COUNTER_KDF | X | using CKM_AES_CMAC [FIPS 197] with 128-bit or 256-bit key sizes | |||||||||||||
| CKM_SP800_108_COUNTER_KDF | X | using CKM_SHA256_HMAC [FIPS 198-1][FIPS 180-4] with 128 or 256-bit key sizes | |||||||||||||
| CKM_ECDH1_DERIVE | X | Deriving either a CKK_GENERIC_SECRET or CKK_AES. Curve25519 or Curve448 or secp256r1 | |||||||||||||
| CKM_RSA_PKCS_PSS | X | using RSA with 3072 and 4096-bit key sizes, and secure hash algorithms SHA-256 and SHA-512 [FIPS 180-4] for both the hash algorithm and Mask Generating Function (MGF1) [PKCS1-v2.2] | |||||||||||||
| CKM_EDDSA | X | X | curve Ed25519ph [RFC 8032] | ||||||||||||
| CKM_EDDSA (non prehash) | X | X |
curve Ed25519 [RFC 8032] curve448 |
||||||||||||
| CKM_ECDSA | X | X |
curve secp256r1 [SEC2-V2] using secure hash algorithm SHA-256 [FIPS 180-4] |