The following table provides a summary of all of the supported mechanisms for all FIPS Luna Cloud HSM Services in the NA region.
Mechanism | Supported Functions | Functions Restricted from FIPS Use | Min Key Length (bits) | Min Key Length for FIPS Use (bits) | Min Legacy Key Length for FIPS Use (bits) | Max Key Length (bits) | Block Size | Digest Size | Key Types | Algorithms | Modes | Flags |
---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Encrypt | Decrypt | Wrap | Unwrap | Cannot wrap | 128 | 128 | N/A | 256 | 16 | 0 | AES | AES | CBC | Extractable |
|
Derive | None | 128 | 128 | N/A | 256 | 0 | 0 | AES | None | None | None |
|
Encrypt | Decrypt | Wrap | Unwrap | Cannot wrap | 128 | 128 | N/A | 256 | 16 | 0 | AES | AES | CBC_PAD | Extractable |
|
Encrypt | Decrypt | None | 128 | 128 | N/A | 256 | 16 | 1 | AES | AES | CFB | Extractable |
|
Encrypt | Decrypt | None | 128 | 128 | N/A | 256 | 16 | 16 | AES | AES | CFB | Extractable |
|
Sign | Verify | None | 128 | 128 | N/A | 256 | 16 | 0 | AES | AES | MAC | Extractable | CMAC |
|
Sign | Verify | None | 128 | 128 | N/A | 256 | 16 | 0 | AES | AES | MAC | Extractable | CMAC |
|
Encrypt | Decrypt | Wrap | Unwrap | Cannot wrap | 128 | 128 | N/A | 256 | 16 | 0 | AES | AES | CTR | Extractable |
|
Encrypt | Decrypt | Wrap | Unwrap | Cannot wrap | 128 | 128 | N/A | 256 | 16 | 0 | AES | AES | ECB | Extractable |
|
Derive | None | 128 | 128 | N/A | 256 | 0 | 0 | AES | None | None | None |
|
Encrypt | Decrypt | Wrap | Unwrap | None | 128 | 128 | N/A | 256 | 16 | 0 | AES | AES | GCM | Extractable | Accumulating |
|
Sign | Verify | None | 128 | 128 | N/A | 256 | 16 | 0 | AES | AES | GCM | Extractable | Accumulating |
|
Generate Key | None | 128 | 128 | N/A | 256 | 0 | 0 | AES | None | None | None |
|
Encrypt | Decrypt | Wrap | Unwrap | None | 128 | 128 | N/A | 256 | 8 | 0 | AES | AES | KEYWRAP | Extractable | Accumulating |
|
Encrypt | Decrypt | Wrap | Unwrap | None | 128 | 128 | N/A | 256 | 8 | 0 | AES | AES | KEYWRAP_PAD | Extractable | Accumulating |
|
Encrypt | Decrypt | None | 128 | 128 | N/A | 256 | 16 | 0 | AES | AES | OFB | Extractable |
|
Encrypt | Decrypt | None | 128 | 128 | N/A | 256 | 16 | 0 | AES | AES | XTS | Extractable |
|
Sign | Verify | None | 1024 | 2048 | 1024 | 3072 | 0 | 0 | DSA | DSA | None | None |
|
Generate Key Pair | None | 1024 | 2048 | 1024 | 3072 | 0 | 0 | DSA | None | None | None |
|
Generate Key | None | 1024 | 2048 | 1024 | 3072 | 0 | 0 | DSA | None | None | None |
|
Sign | Verify | Cannot sign | 1024 | 2048 | 1024 | 3072 | 64 | 20 | DSA | SHA | None | Extractable |
|
Sign | Verify | None | 1024 | 2048 | 1024 | 3072 | 64 | 28 | DSA | SHA224 | None | Extractable |
|
Sign | Verify | None | 1024 | 2048 | 1024 | 3072 | 64 | 32 | DSA | SHA256 | None | Extractable |
|
Generate Key Pair | None | 105 | 224 | 160 | 571 | 0 | 0 | ECDSA | None | None | None |
|
Generate Key Pair | None | 105 | 224 | 160 | 571 | 0 | 0 | ECDSA | None | None | Extra bits |
|
Generate Key Pair | None | 256 | 256 | N/A | 256 | 0 | 0 | EC_MONT | None | None | None |
|
Derive | None | 105 | 224 | 160 | 571 | 0 | 0 | ECDSA | BIP32 | None | None | None |
|
Derive | None | 105 | 224 | 160 | 571 | 0 | 0 | ECDSA | EC_MONT | BIP32 | None | None | None |
|
Sign | Verify | None | 105 | 224 | 160 | 571 | 0 | 0 | ECDSA | BIP32 | ECDSA | None | None |
|
Sign | Verify | Cannot sign | 105 | 224 | 160 | 571 | 64 | 20 | ECDSA | BIP32 | SHA | None | Extractable |
|
Sign | Verify | None | 105 | 224 | 160 | 571 | 64 | 28 | ECDSA | BIP32 | SHA224 | None | Extractable |
|
Sign | Verify | None | 105 | 224 | 160 | 571 | 64 | 32 | ECDSA | BIP32 | SHA256 | None | Extractable |
|
Sign | Verify | None | 105 | 224 | 160 | 571 | 128 | 48 | ECDSA | BIP32 | SHA384 | None | Extractable |
|
Sign | Verify | None | 105 | 224 | 160 | 571 | 128 | ( | ECDSA | BIP32 | SHA512 | None | Extractable |
|
Encrypt | Decrypt | None | 105 | 224 | 160 | 571 | 0 | 0 | ECDSA | EC_MONT | BIP32 | None | None | Accumulating |
|
Generate Key | None | 8 | 112 | N/A | 4096 | 0 | 0 | None | None | None | None |
|
Sign | Verify | None | 8 | 112 | 80 | 4096 | 144 | 28 | Symmetric | SHA3_224 | HMAC | Extractable |
|
Sign | Verify | None | 8 | 112 | 80 | 4096 | 136 | 32 | Symmetric | SHA3_256 | HMAC | Extractable |
|
Sign | Verify | None | 8 | 112 | 80 | 4096 | 104 | 48 | Symmetric | SHA3_384 | HMAC | Extractable |
|
Sign | Verify | None | 8 | 112 | 80 | 4096 | 72 | 64 | Symmetric | SHA3_512 | HMAC | Extractable |
|
Derive | None | 8 | 112 | N/A | 4096 | 0 | 0 | Symmetric | None | None | None |
|
Generate Key Pair | None | 1024 | 2048 | 1024 | 4096 | 0 | 0 | RSA | None | None | None |
|
Generate Key Pair | None | 2048 | 2048 | N/A | 4096 | 0 | 0 | RSA | None | None | None |
|
Sign | Verify | Encrypt | Decrypt | Wrap | Unwrap | Cannot wrap | Cannot legacy decrypt | Cannot legacy unwrap | Cannot encrypt | 256 | 2048 | 1024 | 8192 | 0 | 0 | RSA | None | None | None |
|
Encrypt | Decrypt | Wrap | Unwrap | None | Cannot legacy decrypt | Cannot legacy unwrap | 256 | 2048 | 1024 | 8192 | 0 | 0 | RSA | None | None | None |
|
Sign | Verify | None | 256 | 2048 | 1024 | 8192 | 0 | 0 | RSA | None | None | None | PSS |
|
Sign | Verify | None | 1024 | 2048 | 1024 | 8192 | 0 | 0 | RSA | None | None | Extractable | X9.31 |
|
Digest | Cannot sign | 0 | 0 | N/A | 0 | 64 | 20 | None | SHA | None | Extractable |
|
Sign | Verify | Cannot sign | 8 | 112 | 80 | 4096 | 64 | 20 | Symmetric | SHA | HMAC | Extractable |
|
Sign | Verify | Cannot sign | 8 | 112 | 80 | 4096 | 64 | 20 | Symmetric | SHA | HMAC | Extractable |
|
Sign | Verify | Cannot sign | 256 | 2048 | 1024 | 8192 | 64 | 20 | RSA | SHA | None | Extractable |
|
Sign | Verify | Cannot sign | 256 | 2048 | 1024 | 8192 | 64 | 20 | RSA | SHA | None | Extractable | PSS |
|
Sign | Verify | Cannot sign | 1024 | 2048 | 1024 | 8192 | 64 | 20 | RSA | SHA | None | Extractable | X9.31 |
|
Digest | None | 0 | 0 | N/A | 0 | 144 | 28 | None | SHA3_224 | None | Extractable |
|
Sign | Verify | None | 1024 | 2048 | 1024 | 3072 | 144 | 28 | DSA | SHA3_224 | None | Extractable |
|
Sign | Verify | None | 105 | 224 | 160 | 571 | 144 | 28 | ECDSA | BIP32 | SHA3_224 | None | Extractable |
|
Sign | Verify | None | 256 | 2048 | 1024 | 8192 | 144 | 28 | RSA | SHA3_224 | None | Extractable |
|
Sign | Verify | None | 512 | 2048 | 1024 | 8192 | 144 | 28 | RSA | SHA3_224 | None | Extractable | PSS |
|
Digest | None | 0 | 0 | N/A | 0 | 136 | 32 | None | SHA3_256 | None | Extractable |
|
Sign | Verify | None | 1024 | 2048 | 1024 | 3072 | 136 | 32 | DSA | SHA3_256 | None | Extractable |
|
Sign | Verify | None | 105 | 224 | 160 | 571 | 136 | 32 | ECDSA | BIP32 | SHA3_256 | None | Extractable |
|
Sign | Verify | None | 256 | 2048 | 1024 | 8192 | 136 | 32 | RSA | SHA3_256 | None | Extractable |
|
Sign | Verify | None | 512 | 2048 | 1024 | 8192 | 136 | 32 | RSA | SHA3_256 | None | Extractable | PSS |
|
Digest | None | 0 | 0 | N/A | 0 | 104 | 48 | None | SHA3_384 | None | Extractable |
|
Sign | Verify | None | 1024 | 2048 | 1024 | 3072 | 104 | 48 | DSA | SHA3_384 | None | Extractable |
|
Sign | Verify | None | 105 | 224 | 160 | 571 | 104 | 48 | ECDSA | BIP32 | SHA3_384 | None | Extractable |
|
Sign | Verify | None | 256 | 2048 | 1024 | 8192 | 104 | 48 | RSA | SHA3_384 | None | Extractable |
|
Sign | Verify | None | 512 | 2048 | 1024 | 8192 | 104 | 48 | RSA | SHA3_384 | None | Extractable | PSS |
|
Digest | None | 0 | 0 | N/A | 0 | 72 | 64 | None | SHA3_512 | None | Extractable |
|
Sign | Verify | None | 1024 | 2048 | 1024 | 3072 | 72 | 64 | DSA | SHA3_512 | None | Extractable |
|
Sign | Verify | None | 105 | 224 | 160 | 571 | 72 | 64 | ECDSA | BIP32 | SHA3_512 | None | Extractable |
|
Sign | Verify | None | 256 | 2048 | 1024 | 8192 | 72 | 64 | RSA | SHA3_512 | None | Extractable |
|
Sign | Verify | None | 1024 | 2048 | 1024 | 8192 | 72 | 64 | RSA | SHA3_512 | None | Extractable | PSS |
|
Digest | None | 0 | 0 | N/A | 0 | 64 | 28 | None | SHA224 | None | Extractable |
|
Sign | Verify | None | 8 | 112 | 80 | 4096 | 64 | 28 | Symmetric | SHA224 | HMAC | Extractable |
|
Sign | Verify | None | 8 | 112 | 80 | 4096 | 64 | 28 | Symmetric | SHA224 | HMAC | Extractable |
|
Sign | Verify | None | 256 | 2048 | 1024 | 8192 | 64 | 28 | RSA | SHA224 | None | Extractable |
|
Sign | Verify | None | 512 | 2048 | 1024 | 8192 | 64 | 28 | RSA | SHA224 | None | Extractable | PSS |
|
Sign | Verify | None | 1024 | 2048 | 1024 | 8192 | 64 | 28 | RSA | SHA224 | None | Extractable | X9.31 |
|
Digest | None | 0 | 0 | N/A | 0 | 64 | 32 | None | SHA256 | None | Extractable |
|
Sign | Verify | None | 8 | 112 | 80 | 4096 | 64 | 32 | Symmetric | SHA256 | HMAC | Extractable |
|
Sign | Verify | None | 8 | 112 | 80 | 4096 | 64 | 32 | Symmetric | SHA256 | HMAC | Extractable |
|
Sign | Verify | None | 256 | 2048 | 1024 | 8192 | 64 | 32 | RSA | SHA256 | None | Extractable |
|
Sign | Verify | None | 512 | 2048 | 1024 | 8192 | 64 | 32 | RSA | SHA256 | None | Extractable | PSS |
|
Sign | Verify | None | 1024 | 2048 | 1024 | 8192 | 64 | 32 | RSA | SHA256 | None | Extractable | X9.31 |
|
Digest | None | 0 | 0 | N/A | 0 | 128 | 48 | None | SHA384 | None | Extractable |
|
Sign | Verify | None | 8 | 112 | 80 | 4096 | 128 | 48 | Symmetric | SHA384 | HMAC | Extractable |
|
Sign | Verify | None | 8 | 112 | 80 | 4096 | 128 | 48 | Symmetric | SHA384 | HMAC | Extractable |
|
Sign | Verify | None | 256 | 2048 | 1024 | 8192 | 128 | 48 | RSA | SHA384 | None | Extractable |
|
Sign | Verify | None | 512 | 2048 | 1024 | 8192 | 128 | 48 | RSA | SHA384 | None | Extractable | PSS |
|
Sign | Verify | None | 1024 | 2048 | 1024 | 8192 | 128 | 48 | RSA | SHA384 | None | Extractable | X9.31 |
|
Digest | None | 0 | 0 | N/A | 0 | 128 | ( | None | SHA512 | None | Extractable |
|
Sign | Verify | None | 8 | 112 | 80 | 4096 | 128 | ( | Symmetric | SHA512 | HMAC | Extractable |
|
Sign | Verify | None | 8 | 112 | 80 | 4096 | 128 | ( | Symmetric | SHA512 | HMAC | Extractable |
|
Sign | Verify | None | 256 | 2048 | 1024 | 8192 | 128 | ( | RSA | SHA512 | None | Extractable |
|
Sign | Verify | None | 1024 | 2048 | 1024 | 8192 | 128 | ( | RSA | SHA512 | None | Extractable | PSS |
|
Sign | Verify | None | 1024 | 2048 | 1024 | 8192 | 128 | ( | RSA | SHA512 | None | Extractable | X9.31 |
|
Digest | None | 0 | 0 | N/A | 0 | 168 | 0 | None | SHAKE_128 | None | Extractable |
|
Digest | None | 0 | 0 | N/A | 0 | 136 | 0 | None | SHAKE_256 | None | Extractable |
|
Derive | None | 1024 | 2048 | N/A | 4096 | 0 | 0 | X9_42_DH | None | None | None |
|
Derive | None | 1024 | 2048 | N/A | 4096 | 0 | 0 | X9_42_DH | None | None | None |
|
Generate Key Pair | None | 1024 | 2048 | N/A | 4096 | 0 | 0 | X9_42_DH | None | None | None |