本文介绍PKCS #11 library 支持的算法及加解密、签名验签机制。
支持的算法
加密和解密: AES-CBC,AES-CTR,AES-ECB,AES-GCM,DES3-CBC,DES3-ECB,RSA-OAEP和RSA-PKCS
签名和验证:RSA,HMAC和ECDSA;有散列和无散列
Hash/digest(哈希值): SHA1,SHA224,SHA256,SHA384和SHA512
密钥封装:AES Key Wrap,AES-GCM,RSA-AES和RSA-OAEP
导出密钥:ECDH
支持的密钥生成机制
CKM_GENERIC_SECRET_KEY_GEN
CKM_DES3_KEY_GEN
CKM_AES_KEY_GEN
CKM_RSA_PKCS_KEY_PAIR_GEN
CKM_EC_KEY_PAIR_GEN
支持的签名和验证机制
CKM_SHA1_RSA_PKCS
CKM_SHA224_RSA_PKCS
CKM_SHA256_RSA_PKCS
CKM_SHA384_RSA_PKCS
CKM_SHA512_RSA_PKCS
CKM_RSA_PKCS_PSS
CKM_SHA1_RSA_PKCS_PSS
CKM_SHA224_RSA_PKCS_PSS
CKM_SHA256_RSA_PKCS_PSS
CKM_SHA384_RSA_PKCS_PSS
CKM_SHA512_RSA_PKCS_PSS
CKM_ECDSA
CKM_ECDSA_SHA1
CKM_ECDSA_SHA224
CKM_ECDSA_SHA256
CKM_ECDSA_SHA384
CKM_ECDSA_SHA512
CKM_SHA_1_HMAC
CKM_SHA224_HMAC
CKM_SHA256_HMAC
CKM_SHA384_HMAC
CKM_SHA512_HMAC
支持的摘要机制
CKM_SHA_1
CKM_SHA224
CKM_SHA256
CKM_SHA384
CKM_SHA512
支持的加密和解密机制
CKM_DES3_CBC
CKM_DES3_CBC_PAD
CKM_DES3_ECB
CKM_AES_CBC
CKM_AES_CBC_PAD
CKM_AES_ECB
CKM_AES_CTR
CKM_AES_GCM
CKM_CLOUDHSM_AES_GCM
CKM_AES_KEY_WRAP
CKM_AES_KEY_WRAP_PAD
CKM_AES_KEY_WRAP_NO_PAD
CKM_AES_KEY_WRAP_PKCS5_PAD
CKM_RSA_PKCS
CKM_RSA_PKCS_OAEP
支持派生钥匙机制
CKM_ECDH1_DERIVE
支持包装和拆包机制
CKM_AES_GCM
CKM_CLOUDHSM_AES_GCM
CKM_AES_KEY_WRAP
CKM_AES_KEY_WRAP_PAD
CKM_AES_KEY_WRAP_NO_PAD
CKM_AES_KEY_WRAP_PKCS5_PAD
CKM_RSA_AES_KEY_WRAP
CKM_DES3_NIST_WRAP
CKM_RSA_PKCS
CKM_RSA_PKCS_OAEP