SafeNet ProtectToolkit-C Mechanisms
Characteristics of all SafeNet ProtectToolkit-C mechanisms are summarized in the pages that follow. Both PKCS #11 standard mechanisms and Gemalto-proprietary mechanisms are included.
Mechanisms - Key Size Range and Parameters lists the key size range and any parameters defined for each mechanism. Continue to the individual mechanism pages for full descriptions.
NOTE Functions in bold are Gemalto-proprietary. See also Vendor-Defined Error Codes.
Mechanism |
Min |
FIPS |
Max |
Parameter |
---|---|---|---|---|
CKM_AES_CBC
|
16 |
16 |
32 |
16 bytes |
CKM_AES_CBC_ENCRYPT_DATA
|
16 | 16 | 32 | CK_AES_CBC_ENCRYPT_DATA_PARAMS
|
CKM_AES_CBC_PAD
|
16 |
16 |
32 |
16 bytes |
CKM_AES_CMAC
|
16 |
N/A |
32 |
None |
CKM_AES_CMAC_GENERAL
|
16 |
N/A |
32 |
None |
CKM_AES_ECB
|
16 |
16 |
32 |
None |
CKM_AES_ECB_ENCRYPT_DATA
|
16 |
N/A |
32 | Data to be encrypted |
CKM_AES_KEY_GEN
|
16 |
16 |
32 |
None |
CKM_AES_KEY_WRAP
|
16 |
16 |
32 |
8 bytes (optional) |
CKM_AES_KEY_WRAP_PAD
|
16 |
16 |
32 |
8 bytes (optional |
CKM_AES_KW
|
128 | N/A | 256 | None |
CKM_AES_KWP
|
128 | N/A | 256 | None |
CKM_AES_MAC
|
16 |
N/A |
32 |
None |
CKM_AES_MAC_GENERAL
|
16 |
N/A |
32 |
CK_MAC_GENERAL_PARAMS
|
CKM_AES_OFB
|
16 | 16 | 32 | 16 bytes |
0 |
0 |
0 | ||
CKM_ARIA_CBC
|
16 |
N/A |
32 |
16 bytes |
CKM_ARIA_CBC_PAD
|
16 |
N/A |
32 |
16 bytes |
CKM_ARIA_ECB
|
16 |
N/A |
32 |
None |
CKM_ARIA_KEY_GEN
|
16 |
N/A |
32 |
None |
CKM_ARIA_MAC
|
16 |
N/A |
32 |
None |
CKM_ARIA_MAC_GENERAL
|
16 |
N/A |
32 |
CK_MAC_GENERAL_PARAMS
|
CKM_BIP32_CHILD_DERIVE
|
32 | N/A | 32 | CKM_BIP32_CHILD_DERIVE_PARAMS
|
CKM_BIP32_MASTER_DERIVE
|
32 | N/A | 32 | CKM_BIP32_MASTER_DERIVE_PARAMS
|
CKM_CAST128_CBC
|
1 |
N/A |
16 |
8 bytes |
CKM_CAST128_CBC_PAD
|
1 |
N/A |
16 |
8 bytes |
CKM_CAST128_ECB
|
1 |
N/A |
16 |
None |
1 |
N/A |
16 |
None | |
CKM_CAST128_KEY_GEN
|
1 |
N/A |
16 |
None |
CKM_CAST128_MAC
|
1 |
N/A |
16 |
None |
CKM_CAST128_MAC_GENERAL
|
1 |
N/A |
16 |
CK_MAC_GENERAL_PARAMS
|
CKM_CONCATENATE_BASE_AND_DATA
|
0 |
N/A |
None |
CK_KEY_DERIVATION_STRING_DATA
|
CKM_CONCATENATE_BASE_AND_KEY
|
0 |
N/A |
None |
CK_OBJECT_HANDLE
|
CKM_CONCATENATE_DATA_AND_BASE
|
0 |
N/A |
None |
CK_KEY_DERIVATION_STRING_DATA
|
0 |
0 |
0 |
None | |
0 |
0 |
0 |
None | |
8 |
N/A |
8 |
8 bytes | |
CKM_DES_CBC
|
8 |
N/A |
8 |
8 bytes |
CKM_DES_CBC_ENCRYPT_DATA
|
8 | N/A | 8 | CK_DES_CBC_ENCRYPT_DATA_PARAMS
|
CKM_DES_CBC_PAD
|
8 |
N/A |
8 |
8 bytes |
8 |
N/A |
8 |
CK_DES_CBC_PARAMS
|
|
8 |
N/A |
8 |
Multiple of 8 bytes | |
CKM_DES_ECB
|
8 |
N/A |
8 |
None |
CKM_DES_ECB_ENCRYPT_DATA
|
8 | N/A | 8 | CK_KEY_DERIVATION_STRING_DATA
|
8 |
N/A |
8 |
None | |
CKM_DES_KEY_GEN
|
8 |
N/A |
8 |
None |
CKM_DES_MAC
|
8 |
N/A |
8 |
CK_MAC_GENERAL_PARAMS
|
CKM_DES_MAC_GENERAL
|
8 |
N/A |
8 |
CK_MAC_GENERAL_PARAMS
|
0 |
N/A |
0 |
None | |
8 |
N/A |
8 |
8 bytes | |
CKM_DES2_KEY_GEN
|
16 |
16 |
16 |
None |
16 |
N/A |
24 |
8 bytes | |
CKM_DES3_CBC
|
16 |
16 |
24 |
8 bytes |
CKM_DES3_CBC_ENCRYPT_DATA
|
16 | 16 | 24 | CK_DES_CBC_ENCRYPT_DATA_PARAMS
|
CKM_DES3_CBC_PAD
|
16 |
16 |
24 |
8 bytes |
CKM_DES3_CMAC
|
16 |
16 |
24 |
8 bytes |
CKM_DES3_CMAC_GENERAL
|
16 |
16 |
24 |
8 bytes |
16 |
N/A |
24 |
8 bytes | |
16 |
N/A |
24 |
CK_DES2_CBC_PARAMS
|
|
0 |
N/A |
0 |
Multiple of 8 bytes | |
CKM_DES3_ECB
|
16 |
16 |
24 |
None |
CKM_DES3_ECB_ENCRYPT_DATA
|
16 | 16 | 24 | CK_KEY_DERIVATION_STRING_DATA
|
16 |
16 |
24 |
None | |
CKM_DES3_KEY_GEN
|
24 |
24 |
24 |
None |
CKM_DES3_MAC
|
16 |
16 |
24 |
None |
CKM_DES3_MAC_GENERAL
|
16 |
16 |
24 |
CK_MAC_GENERAL_PARAMS
|
16 |
16 |
24 |
8 bytes | |
16 |
16 |
24 |
8 bytes (IV) | |
16 |
16 |
24 |
CK_MAC_GENERAL_PARAMS
|
|
16 |
16 |
24 |
8 bytes | |
512 |
1024 |
4096 |
Bytes (Big Integer) | |
512 |
1024 |
4096 |
None | |
512 |
1024 |
4096 |
None | |
512 |
2048 |
4096 |
None | |
512 |
2048 |
4096 |
None | |
512 |
2048 |
4096 |
None | |
CKM_DSA_SHA1
|
512 |
2048 |
4096 |
None |
512 |
2048 |
4096 |
None | |
CKM_DSA_SHA224
|
1024 | 2048 | 4096 | None |
1024 |
2048 |
4096 |
None | |
CKM_DSA_SHA256
|
1024 | 2048 | 4096 | None |
1024 |
2048 |
4096 |
None | |
CKM_EC_KEY_PAIR_GEN
|
64 |
224 |
571 |
None |
CKM_ECDH1_DERIVE
|
64 |
224 |
571 |
CK_ECDH1_DERIVE_PARAMS
|
CKM_ECDSA
|
64 |
224 |
571 |
None |
CKM_ECDSA_SHA1
|
64 |
N/A |
571 |
None |
CKM_ECDSA_SHA224
|
64 |
224 |
571 |
None |
CKM_ECDSA_SHA256
|
64 |
224 |
571 |
None |
CKM_ECDSA_SHA384
|
64 |
224 |
571 |
None |
CKM_ECDSA_SHA512
|
64 |
224 |
571 |
None |
CKM_ECDSA_GBCS_SHA256
|
64 | 224 | 571 | None |
64 |
N/A |
571 |
CK_ECIES_PARAMS
|
|
0 |
0 |
0 |
None | |
0 |
0 |
0 |
None | |
0 |
0 |
0 |
None | |
0 |
0 |
0 |
CK_MECH_TYPE_AND_OBJECT
|
|
0 |
0 |
0 |
None | |
CKM_EXTRACT_KEY_FROM_KEY
|
0 |
N/A |
0 |
CK_EXTRACT_PARAMS
|
512 |
2048 |
4096 |
None | |
1024 |
2048 |
4096 |
None | |
CKM_GENERIC_SECRET_KEY_GEN
|
0 |
0 |
None |
None |
CKM_IDEA_CBC
|
16 |
N/A |
16 |
8 bytes |
CKM_IDEA_CBC_PAD
|
16 |
N/A |
16 |
8 bytes |
CKM_IDEA_ECB
|
16 |
N/A |
16 |
None |
16 |
N/A |
16 |
None | |
CKM_IDEA_KEY_GEN
|
16 |
N/A |
16 |
None |
CKM_IDEA_MAC
|
16 |
N/A |
16 |
None |
CKM_IDEA_MAC_GENERAL
|
16 |
N/A |
16 |
CK_MAC_GENERAL_PARAMS
|
512 |
N/A |
4096 |
None | |
512 |
1024 |
4096 |
CK_KEY_WRAP_SET_OAEP_PARAMS
|
|
CKM_MD2
|
0 |
N/A |
0 |
None |
CKM_MD2_HMAC
|
0 |
N/A |
0 |
None |
CKM_MD2_HMAC_GENERAL
|
0 |
N/A |
0 |
CK_MAC_GENERAL_PARAMS
|
CKM_MD2_KEY_DERIVATION
|
0 |
N/A |
0 |
None |
CKM_MD2_RSA_PKCS
|
512 |
N/A |
4096 |
None |
CKM_MD5
|
0 |
N/A |
0 |
None |
CKM_MD5_HMAC
|
0 |
N/A |
0 |
None |
CKM_MD5_HMAC_GENERAL
|
0 |
N/A |
0 |
CK_MAC_GENERAL_PARAMS
|
CKM_MD5_KEY_DERIVATION
|
0 |
N/A |
0 |
None |
CKM_MD5_RSA_PKCS
|
512 |
N/A |
4096 |
None |
CKM_MILENAGE_DERIVE
|
16 | N/A | 16 | CK_MILENAGE_DERIVE_PARAMS
|
CKM_MILENAGE_SIGN
|
16 | N/A | 16 | CK_MILENAGE_SIGN_PARAMS
|
0 |
N/A |
0 |
None | |
1024 |
1024 |
4096 |
None | |
1024 |
1024 |
4096 |
None | |
CKM_PBA_SHA1_WITH_SHA1_HMAC
|
20 |
N/A |
20 |
CK_PBE_PARAMS
|
CKM_PBE_MD2_DES_CBC
|
8 |
N/A |
8 |
CK_PBE_PARAMS
|
CKM_PBE_MD5_CAST128_CBC
|
16 |
N/A |
16 |
CK_PBE_PARAMS
|
CKM_PBE_MD5_DES_CBC
|
8 |
N/A |
8 |
CK_PBE_PARAMS
|
CKM_PBE_SHA1_CAST128_CBC
|
16 |
N/A |
16 |
CK_PBE_PARAMS
|
CKM_PBE_SHA1_DES2_EDE_CBC
|
16 |
N/A |
16 |
CK_PBE_PARAMS
|
CKM_PBE_SHA1_DES3_EDE_CBC
|
24 |
N/A |
24 |
CK_PBE_PARAMS
|
CKM_PBE_SHA1_RC2_40_CBC
|
5 |
N/A |
5 |
CK_PBE_PARAMS
|
CKM_PBE_SHA1_RC2_128_CBC
|
16 |
N/A |
16 |
CK_PBE_PARAMS
|
CKM_PBE_SHA1_RC4_40
|
5 |
N/A |
5 |
CK_PBE_PARAMS
|
CKM_PBE_SHA1_RC4_128
|
16 |
N/A |
16 |
CK_PBE_PARAMS
|
1 |
N/A |
None |
CKM_PKCS12_PBE_EXPORT_PARAMS
|
|
1 |
N/A |
None |
CKM_PKCS12_PBE_IMPORT_PARAMS
|
|
1 |
1 |
None |
CK_PP_LOAD_SECRET_PARAMS
|
|
CKM_RC2_CBC
|
1 |
N/A |
128 |
CK_RC2_CBC_PARAMS
|
CKM_RC2_CBC_PAD
|
1 |
N/A |
128 |
CK_RC2_CBC_PARAMS
|
CKM_RC2_ECB
|
1 |
N/A |
128 |
CK_RC2_PARAMS
|
1 |
N/A |
128 |
CK_RC2_PARAMS
|
|
CKM_RC2_KEY_GEN
|
1 |
N/A |
128 |
None |
CKM_RC2_MAC
|
1 |
N/A |
128 |
CK_RC2_PARAMS
|
CKM_RC2_MAC_GENERAL
|
1 |
N/A |
128 |
CK_RC2_MAC_GENERAL_PARAMS
|
CKM_RC4
|
0 |
N/A |
256 |
None |
CKM_RC4_KEY_GEN
|
0 |
N/A |
256 |
None |
CKM_REPLICATE_TOKEN_RSA_AES
|
2048 |
2048 |
4096 |
CK_REPLICATE_TOKEN_PARAMS
|
CKM_RIPEMD128
|
0 |
N/A |
0 |
None |
CKM_RIPEMD128_HMAC
|
0 |
N/A |
0 |
None |
CKM_RIPEMD128_HMAC_GENERAL
|
0 |
N/A |
0 |
CK_MAC_GENERAL_PARAMS
|
CKM_RIPEMD128_RSA_PKCS
|
512 |
N/A |
4096 |
None |
CKM_RIPEMD160
|
0 |
N/A |
0 |
None |
CKM_RIPEMD160_HMAC
|
0 |
N/A |
0 |
None |
CKM_RIPEMD160_HMAC_GENERAL
|
0 |
N/A |
0 |
|
CKM_RIPEMD160_RSA_PKCS
|
512 |
N/A |
4096 |
None |
CKM_RSA_9796
|
512 |
N/A |
4096 |
None |
CKM_RSA_FIPS_186_4_PRIME_KEY_PAIR_GEN
|
2048 | 2048 | 4096 | CK_ULONG (optional)
|
512 |
2048 |
4096 |
None | |
512 |
2048 |
4096 |
None | |
512 |
2048 |
4096 |
CK_RSA_PKCS_OAEP_PARAMS
|
|
512 |
2048 |
4096 |
CK_RSA_PKCS_PSS_PARAMS
|
|
512 |
2048 |
4096 |
None | |
1024 |
2048 |
4096 |
None | |
0 |
0 |
None |
CK_SECRET_SHARE_PARAMS
|
|
0 |
0 |
None |
None | |
16 |
N/A |
16 |
16 bytes | |
16 |
N/A |
16 |
16 bytes | |
16 |
N/A |
16 |
None | |
16 |
N/A |
16 |
None | |
16 |
N/A |
16 |
None | |
16 |
N/A |
16 |
None | |
16 |
N/A |
16 |
CK_MAC_GENERAL_PARAMS
|
|
1024 |
1024 |
4096 |
None | |
CKM_SHA1
|
0 |
0 |
0 |
None |
CKM_SHA1_HMAC
|
0 |
10 |
None |
None |
CKM_SHA1_HMAC_GENERAL
|
0 |
10 |
None |
CK_MAC_GENERAL_PARAMS
|
CKM_SHA1_KEY_DERIVATION
|
0 |
N/A |
0 |
None |
512 |
2048 |
4096 |
None | |
512 |
2048 |
4096 |
CK_RSA_PKCS_PSS_PARAMS
|
|
512 |
N/A |
4096 |
CK_TIMESTAMP_PARAMS
|
|
CKM_SHA224
|
0 |
0 |
0 |
None |
CKM_SHA224_HMAC
|
0 |
14 |
None |
None |
CKM_SHA224_HMAC_GENERAL
|
0 |
14 |
None |
CK_MAC_GENERAL_PARAMS
|
CKM_SHA224_KEY_DERIVATION
|
0 |
N/A |
0 |
None |
512 |
2048 |
4096 |
None | |
512 |
2048 |
4096 |
CK_RSA_PKCS_PSS_PARAMS
|
|
CKM_SHA256
|
0 |
0 |
0 |
None |
CKM_SHA256_HMAC
|
0 |
16 |
None |
None |
CKM_SHA256_HMAC_GENERAL
|
0 |
16 |
None |
CK_MAC_GENERAL_PARAMS
|
CKM_SHA256_KEY_DERIVATION
|
0 |
N/A |
0 |
None |
512 |
2048 |
4096 |
None | |
512 |
2048 |
4096 |
CK_RSA_PKCS_PSS_PARAMS
|
|
CKM_SHA384
|
0 |
0 |
0 |
None |
CKM_SHA384_HMAC
|
0 |
24 |
None |
None |
CKM_SHA384_HMAC_GENERAL
|
0 |
24 |
None |
CK_MAC_GENERAL_PARAMS
|
CKM_SHA384_KEY_DERIVATION
|
0 |
N/A |
0 |
None |
640 |
2048 |
4096 |
None | |
640 |
2048 |
4096 |
CK_RSA_PKCS_PSS_PARAMS
|
|
CKM_SHA512
|
0 |
0 |
0 |
None |
CKM_SHA512_HMAC
|
0 |
32 |
None |
None |
CKM_SHA512_HMAC_GENERAL
|
0 |
32 |
None |
CK_MAC_GENERAL_PARAMS
|
CKM_SHA512_KEY_DERIVATION
|
0 |
N/A |
0 |
None |
768 |
2048 |
4096 |
None | |
768 |
2048 |
4096 |
CK_RSA_PKCS_PSS_PARAMS
|
|
CKM_SSL3_KEY_AND_MAC_DERIVE
|
48 |
N/A |
48 |
CK_SSL3_KEY_MAT_PARAMS
|
CKM_SSL3_MASTER_KEY_DERIVE
|
48 |
N/A |
48 |
CK_SSL3_MASTER_KEY_DERIVE_PARAMS
|
CKM_SSL3_MD5_MAC
|
0 |
0 |
None |
CK_MAC_GENERAL_PARAMS
|
CKM_SSL3_PRE_MASTER_KEY_GEN
|
48 |
48 |
48 |
CK_VERSION
|
CKM_SSL3_SHA1_MAC
|
0 |
N/A |
None |
CK_MAC_GENERAL_PARAMS
|
CKM_TDEA_TKW
|
64 | N/A | 64 | None |
16 |
N/A |
16 |
None | |
16 |
16 |
32 |
None | |
CKM_WRAPKEY_AES_KWP
|
128 | N/A | 256 | None |
0 |
0 |
0 |
None | |
0 |
0 |
0 |
None | |
16 |
16 |
32 |
None | |
0 |
0 |
0 |
None | |
1024 |
1024 |
4096 |
CK_X9_42_DH1_DERIVE_PARAMS
|
|
1024 |
1024 |
4096 |
None | |
1024 |
1024 |
4096 |
None | |
CKM_XOR_BASE_AND_DATA
|
0 |
N/A |
None |
CK_KEY_DERIVATION_STRING_DATA
|
0 |
N/A |
None |
CK_OBJECT_HANDLE
|
|
0 |
N/A |
0 |
arbitrary byte length |
NOTE Key size limitations specified above may be further limited, depending on the specific operation being performed. For example: CKM_DES3_CBC specifies a 16-byte key as a lower limit, but in FIPS mode, such keys are only allowed for legacy decryption operations and not new encryptions. See the section detailing the relevant mechanism for more information.