Your suggested change has been received. Thank you.

Suggest A Change

Please Note:

Supported Algorithms

The CADP for .NET Core supports the following algorithms:

Public Algorithms

AES
AES/GCM
DESede
HMAC-SHA
RSA
EC

Proprietary Algorithms

FPE/AES
FPE/FF1v2
FPE/FF3
FPE/FF3-1

Note

It is recommended to use CBC/GCM encryption over ECB encryption.
It is recommended to use random Initialization Vector (IV).

AES

Attribute	Description
Block Size	16 bytes
Supported Modes	— ECB (default) — CBC
Padding Schemes	— PKCS7Padding — None (No Padding)
IV	— CBC mode requires a 16 byte IV. — IV is not allowed in ECB mode.
Key Size (in bits)	— 128 (default) — 192 — 256
Additional Notes	When using AES keys with No Padding, you must supply data (both ciphertext for decryption and plaintext for encryption) in multiples of 16 bytes.

AES/GCM

Attribute	Description
Block Size	16 bytes
Supported Mode	GCM
Padding Scheme	None (No Padding)
IV (nonce)	12 bytes
Key Size (in bits)	— 128 — 192 — 256
Additional Authenticated Data (AAD)	(Optional) This is the data that will be passed to the recipient in plain text, but need to be 'authenticated' to avoid being tampered. AAD is used as an integrity check and can help protect your data. AAD is bound to the encrypted data, because you cannot decrypt the ciphertext unless you know the AAD, but it is not stored as part of the ciphertext. Note: AAD doesn't support `&`, `>`, and `<` characters.
TagLen	The tag will ensure the data is not accidentally altered or maliciously tampered during transmission or storage. The TagLen supported by this instance: 12, 13, 14, 15, or 16 bytes (96, 104, 112, 120, or 128 bits)

DESede

Attribute	Description
Block Size	8 bytes
Supported Modes	— ECB (default) — CBC
Padding Schemes	— PKCS7Padding (default) — None (No Padding)
IV	— CBC mode requires an 8 byte IV. — IV is not allowed in ECB mode.
Key Size	— 168 (default) — 112 bits. Each key contains an extra 8 bits of parity. Thus, when you create a key of 112 bits, the actual key size is 128 bits; when you create a key of 168 bits, the actual key size is 192 bits. A key size of 112 bits refers to two–key triple DES. The sequence of operations in two– key triple DES is: — Encrypt with Key1 — Decrypt with Key2 — Encrypt with Key1 A key size of 168 bits refers to three–key triple DES. The sequence of operations in three–key triple DES is: — Encrypt with Key1 — Decrypt with Key2 — Encrypt with Key3
Additional Notes	When using DESede keys with No Padding, you must supply data (both ciphertext for decryption and plaintext for encryption) in multiples of 8 bytes.

HMAC-SHA

Attribute	Description
Supported Hash Function	— SHA-1 — SHA-256 — SHA-384 — SHA-512
Padding Schemes	Uses padding from SHA-1 algorithm. No additional padding is required.
IV	No IV is required.
Key Size	Keys can be between 128 and 256 bits. It is recommended that the key size be at least 160 bits, and sets the default at 160. The HMAC keys you generate should be a multiple of 8 bytes. On some platforms, HMAC keys that are not a multiple of 8 bytes might yield incorrect results when generating MACs.
Additional Notes	HMAC is a stream cipher. HMAC keys are bitstreams of multiples of 8 bits.

RSA

Attribute	Description
Padding Schemes	For encryption: — Pkcs1(default) — OaepSHA1 — OaepSHA256 — OaepSHA384 — OaepSHA512 For signatures: — Pkcs1(default) — Pss
IV	No IV is required.
Key Size	— 512 — 1024 — 2048 — 3072 — 4096

EC

Attribute	Description
Curve id and Key Size	— secp224k1_225 — secp224r1_224 — secp256k1_256 — secp384r1_384 — secp521r1_521 — prime256v1_256 — brainpoolP224r1_224 — brainpoolP224t1_224 — brainpoolP256r1_256 — brainpoolP256t1_256 — brainpoolP384r1_384 — brainpoolP384t1_384 — brainpoolP512r1_512 — brainpoolP512t1_512 On Linux and macOS, the following curves are not supported in a local mode: — brainpoolP224r1_224 — brainpoolP224t1_224 — brainpoolP256r1_256 — brainpoolP256t1_256 — brainpoolP384r1_384 — brainpoolP384t1_384 — brainpoolP512r1_512 — brainpoolP512t1_512 — secp224r1_224
Identifier Strings	— SHA1withECDSA — SHA256withECDSA — SHA384withECDSA — SHA512withECDSA
IV	No IV is required.
Additional Notes	Supported operations: — Key Creation (Use EC as identifier string) — Key Export — Key Import — Sign/Sign Verify

FPE/AES

Attribute	Description
Block Size	MAXb — For CARD10 MAXb = 56 bytes — for CARD26 MAXb = 40 bytes — for CARD62 MAXb = 32 bytes
Cardinalities	— CARD10 (both local and remote mode) — CARD26 (local mode only) — CARD62 (local mode only) — UNICODE (local mode only)
Encoding	— UTF-8 (local mode only) — UTF-16LE (local mode only) — UTF-16BE (local mode only) — UTF-32LE (local mode only)
IV	FPE accepts a HEX encoded MAXb integer. If the length of data exceeds MAXb value then IV must be provided. FPE breaks long data into MAXb integer blocks and uses block chaining algorithm similar to CBC mode to perform encryption. — FPE/AES/CARD10 - a 56 bytes IV in hex encoded form having a cardinality 10 when data size is > 56 bytes — FPE/AES/CARD26 - a 40 bytes IV in hex encoded form having a cardinality 26 when data size is > 40 bytes — FPE/AES/CARD62 - a 32 bytes IV in hex encoded form having a cardinality 62 when data size is > 32 bytes — For FPE/AES/UNICODE - When cardinality is y, a x characters IV is used when data size is > x characters. Here, y is the number of characters in the unicode character set file, and corresponding value of x is derived using the following formula: `double lg = Math.log10(Math.pow((double)2,(double)96))/Math.log10((double)CharacterSet_size);double block_len = 2 * Math.floor(lg);` The table with cardinality and corresponding IV value based on the above formula is provided at FPE/AES/Unicode Cardinality Block-Size Table. Note: The value of each hex encoded byte in the IV value will be in the range `00` to `(cardinality-1)`. For example, when CARD26 is used, the maximum value will be 0x19 (hex encode of 26-1=25). In the following IV for CARD26: 120D0B02001104080B0B06050E1203090E0A12020D070F0605031202031100030F0B100E1101100B The hex 0A lies in the range `00` to `cardinality-1` that is, 00 to 19.
Key Size (in bits)	— 128 — 192 — 256
Identifier Strings	— NaeFpe.AlgorithmName.FPE_AES_CARD10 — NaeFpe.AlgorithmName.FPE_AES_CARD26 — NaeFpe.AlgorithmName.FPE_AES_CARD62 — NaeFpe.AlgorithmName.FPE_AES_UNICODE
Tweak Algorithm	Hashing algorithm to be applied to specified tweak data beforehand. Valid values: — NONE — SHA1 — SHA256
Tweak Data	Tweak data is optional but highly recommended. It uses the tweakable cipher concept to protect against statistical attacks due to potentially small input/output space. It accepts ASCII strings of maximum 256 characters. If tweak data algorithm is `NONE` or absent: — For AES, the value must be HEX encoded string representing 64 bit long (hence, HEX encoding will consume 16 characters). — If tweak data algorithm represents a valid argument then the tweak data need not be hex encoded string but any ASCII string.
Additional Notes	— The FPE/AES/CARD10, FPE/AES/CARD26, FPE/AES/CARD62, and FPE/AES/UNICODE algorithms are only applicable for non-versioned keys. — Default Tweak Algorithm will be NONE, if Null value is provided. For details on FPE, refer to Format Preserving Encryption.

FPE/FF1v2

Attribute	Description
Cardinalities	— CARD10 (local mode only) — CARD26 (local mode only) — CARD62 (local mode only) — UNICODE (local mode only)
Encoding	— UTF-8 (local mode only) — UTF-16LE (local mode only) — UTF-16BE (local mode only) — UTF-32LE (local mode only)
Key Size (in bits)	— 128 — 192 — 256
Identifier Strings	— NaeFpe.AlgorithmName.FPE_FF1v2_CARD10 — NaeFpe.AlgorithmName.FPE_FF1v2_CARD26 — NaeFpe.AlgorithmName.FPE_FF1v2_CARD62 — NaeFpe.AlgorithmName.FPE_FF1v2_UNICODE
Tweak Algorithm	Specify the hashing algorithm to be applied to the specified tweak data beforehand. Valid values: — None — SHA1 — SHA256
Tweak Data	Tweak data is optional but highly recommended. It uses the tweakable cipher concept to protect against statistical attacks due to potentially small input/output space. If tweak algorithm is None, the tweak data is optional. If tweak data is provided, the value must be HEX encoded string. For tweak algorithms SHA1 and SHA256, the tweak data length should be ≤ 256 characters.

FPE/FF3

Attribute	Description
Cardinalities	— CARD10 (local mode only) — CARD26 (local mode only) — CARD62 (local mode only) — UNICODE (local mode only)
Encoding	— UTF-8 (local mode only) — UTF-16LE (local mode only) — UTF-16BE (local mode only) — UTF-32LE (local mode only)
Key Size (in bits)	— 128 (default) — 192 — 256
Identifier Strings	— NaeFpe.AlgorithmName.FPE_FF3_CARD10 — NaeFpe.AlgorithmName.FPE_FF3_CARD26 — NaeFpe.AlgorithmName.FPE_FF3_CARD62 — NaeFpe.AlgorithmName.FPE_FF3_UNICODE
Tweak Algorithm	Specify the hashing algorithm to be applied the to specified tweak data beforehand. Valid values: — None — SHA1 — SHA256
Tweak Data	If the tweak algorithm is None, the value must be 16 characters HEX encoded string. For tweak algorithms SHA1 and SHA256, the tweak data length should be ≤ 256 characters.

FPE/FF3-1

Attribute	Description
Cardinalities	— CARD10 (remote mode only) — CARD26 (local mode only) — CARD62 (local mode only) — UNICODE (local mode only)
Encoding	Only UTF-8 is supported.
Key Size (in bits)	— 128 (default) — 192 — 256
Identifier Strings	— NaeFpe.AlgorithmName.FPE_FF3_1_CARD10 — NaeFpe.AlgorithmName.FPE_FF3_1_CARD26 — NaeFpe.AlgorithmName.FPE_FF3_1_CARD62 — NaeFpe.AlgorithmName.FPE_FF3_1_UNICODE
Tweak Algorithm	Hashing algorithm to be applied to specified tweak data beforehand. Valid values: — None — SHA1 — SHA256
Tweak Data	If the tweak algorithm is None, the value must be 14 characters HEX encoded string. For tweak algorithms SHA1 and SHA256, the tweak data length should be ≤ 256 characters.