SafeNet ProtectToolkit-C Mechanisms

Characteristics of all SafeNet ProtectToolkit-C mechanisms are summarized in the pages that follow. Both PKCS #11 standard mechanisms and Gemalto-proprietary mechanisms are included.

Mechanisms - Key Size Range and Parameters lists the key size range and any parameters defined for each mechanism. Continue to the individual mechanism pages for full descriptions.

NOTE   Functions in bold are Gemalto-proprietary. See also Vendor-Defined Error Codes.

Table 1: Mechanisms - Key Size Range and Parameters

Mechanism

Min

FIPS
Min

Max

Parameter
CKM_AES_CBC

16

16

32

 16 bytes
CKM_AES_CBC_ENCRYPT_DATA 16 16 32 CK_AES_CBC_ENCRYPT_DATA_PARAMS
CKM_AES_CBC_PAD

16

16

32

 16 bytes
CKM_AES_CMAC

16

N/A

32

 None
CKM_AES_CMAC_GENERAL

16

N/A

32

 None
CKM_AES_ECB

16

16

32

 None
CKM_AES_ECB_ENCRYPT_DATA 16

N/A

 32 Data to be encrypted
CKM_AES_KEY_GEN

16

16

32

 None
CKM_AES_KEY_WRAP

16

16

32

 8 bytes (optional)
CKM_AES_KEY_WRAP_PAD

16

16

32

 8 bytes (optional
CKM_AES_KW 128 N/A 256 None
CKM_AES_KWP 128 N/A 256 None
CKM_AES_MAC

16

N/A

32

 None
CKM_AES_MAC_GENERAL

16

N/A

32

 CK_MAC_GENERAL_PARAMS
CKM_AES_OFB 16 16 32 16 bytes

CKM_ARDFP

0

0

 0  
CKM_ARIA_CBC

16

N/A

32

 16 bytes
CKM_ARIA_CBC_PAD

16

N/A

32

 16 bytes
CKM_ARIA_ECB

16

N/A

32

 None
CKM_ARIA_KEY_GEN

16

N/A

32

 None
CKM_ARIA_MAC

16

N/A

32

 None
CKM_ARIA_MAC_GENERAL

16

N/A

32

 CK_MAC_GENERAL_PARAMS
CKM_BIP32_CHILD_DERIVE 32 N/A 32 CKM_BIP32_CHILD_DERIVE_PARAMS
CKM_BIP32_MASTER_DERIVE 32 N/A 32 CKM_BIP32_MASTER_DERIVE_PARAMS
CKM_CAST128_CBC
(CKM_CAST5_CBC)

1

N/A

16

 8 bytes
CKM_CAST128_CBC_PAD
(CKM_CAST5_CBC_PAD)

1

N/A

16

 8 bytes
CKM_CAST128_ECB
(CKM_CAST5_ECB)

1

N/A

16

 None

CKM_CAST128_ECB_PAD

1

N/A

16

 None
CKM_CAST128_KEY_GEN
(CKM_CAST5_KEY_GEN)

1

N/A

16

 None
CKM_CAST128_MAC
(CKM_CAST5_MAC)

1

N/A

16

 None
CKM_CAST128_MAC_GENERAL
(CKM_CAST5_MAC_GENERAL)

1

N/A

16

 CK_MAC_GENERAL_PARAMS
CKM_CONCATENATE_BASE_AND_DATA

0

N/A

None

 CK_KEY_DERIVATION_STRING_DATA
CKM_CONCATENATE_BASE_AND_KEY

0

N/A

None

 CK_OBJECT_HANDLE
CKM_CONCATENATE_DATA_AND_BASE

0

N/A

None

 CK_KEY_DERIVATION_STRING_DATA

CKM_DECODE_PKCS_7

0

0

0

 None

CKM_DECODE_X_509

0

0

0

 None

CKM_DES_BCF

8

N/A

8

 8 bytes
CKM_DES_CBC

8

N/A

8

 8 bytes
CKM_DES_CBC_ENCRYPT_DATA 8 N/A 8 CK_DES_CBC_ENCRYPT_DATA_PARAMS
CKM_DES_CBC_PAD

8

N/A

8

 8 bytes

CKM_DES_DERIVE_CBC

8

N/A

8

 CK_DES_CBC_PARAMS

CKM_DES_DERIVE_ECB

8

N/A

8

 Multiple of 8 bytes
CKM_DES_ECB

8

N/A

8

 None
CKM_DES_ECB_ENCRYPT_DATA 8 N/A 8 CK_KEY_DERIVATION_STRING_DATA

CKM_DES_ECB_PAD

8

N/A

8

 None
CKM_DES_KEY_GEN

8

N/A

8

 None
CKM_DES_MAC

8

N/A

8

 CK_MAC_GENERAL_PARAMS
CKM_DES_MAC_GENERAL

8

N/A

8

 CK_MAC_GENERAL_PARAMS

CKM_DES_MDC_2_PAD1

0

N/A

0

 None

CKM_DES_OFB64

8

N/A

8

 8 bytes
CKM_DES2_KEY_GEN

16

16

16

 None

CKM_DES3_BCF

16

N/A

24

 8 bytes
CKM_DES3_CBC

16

16

24

 8 bytes
CKM_DES3_CBC_ENCRYPT_DATA 16 16 24 CK_DES_CBC_ENCRYPT_DATA_PARAMS
CKM_DES3_CBC_PAD

16

16

24

 8 bytes
CKM_DES3_CMAC

16

16

24

 8 bytes
CKM_DES3_CMAC_GENERAL

16

16

24

 8 bytes

CKM_DES3_DDD_CBC

16

N/A

24

 8 bytes

CKM_DES3_DERIVE_CBC

16

N/A

24

 CK_DES2_CBC_PARAMS
CK_DES3_CBC_PARAMS

CKM_DES3_DERIVE_ECB

0

N/A

0

 Multiple of 8 bytes
CKM_DES3_ECB

16

16

24

 None
CKM_DES3_ECB_ENCRYPT_DATA 16 16 24 CK_KEY_DERIVATION_STRING_DATA

CKM_DES3_ECB_PAD

16

16

24

 None
CKM_DES3_KEY_GEN

24

24

24

 None
CKM_DES3_MAC

16

16

24

 None
CKM_DES3_MAC_GENERAL

16

16

24

 CK_MAC_GENERAL_PARAMS

CKM_DES3_OFB64

16

16

24

 8 bytes

CKM_DES3_RETAIL_CFB_MAC

16

16

24

 8 bytes (IV)

CKM_DES3_X919_MAC

16

16

24

 CK_MAC_GENERAL_PARAMS

CKM_DES3_X919_MAC_GENERAL

16

16

24

 8 bytes

CKM_DH_PKCS_DERIVE

512

1024

4096

 Bytes (Big Integer)

CKM_DH_PKCS_KEY_PAIR_GEN

512

1024

4096

 None

CKM_DH_PKCS_PARAMETER_GEN

512

1024

4096

 None

CKM_DSA

512

2048

4096

 None

CKM_DSA_KEY_PAIR_GEN

512

2048

4096

 None

CKM_DSA_PARAMETER_GEN

512

2048

4096

 None
CKM_DSA_SHA1

512

2048

4096

 None

CKM_DSA_SHA1_PKCS

512

2048

4096

 None
CKM_DSA_SHA224 1024 2048 4096 None

CKM_DSA_SHA224_PKCS

1024

2048

4096

 None
CKM_DSA_SHA256 1024 2048 4096 None

CKM_DSA_SHA256_PKCS

1024

2048

4096

 None
CKM_EC_KEY_PAIR_GEN

64

224

571

 None
CKM_ECDH1_DERIVE

64

224

571

 CK_ECDH1_DERIVE_PARAMS
CKM_ECDSA

64

224

571

 None
CKM_ECDSA_SHA1

64

N/A

571

 None
CKM_ECDSA_SHA224

64

224

571

 None
CKM_ECDSA_SHA256

64

224

571

 None
CKM_ECDSA_SHA384

64

224

571

 None
CKM_ECDSA_SHA512

64

224

571

 None
CKM_ECDSA_GBCS_SHA256 64 224 571 None

CKM_ECIES

64

N/A

571

 CK_ECIES_PARAMS

CKM_ENCODE_ATTRIBUTES

0

0

0

 None

CKM_ENCODE_PKCS_10

0

0

0

 None

CKM_ENCODE_PUBLIC_KEY

0

0

0

 None

CKM_ENCODE_X_509

0

0

0

 CK_MECH_TYPE_AND_OBJECT

CKM_ENCODE_X_509_LOCAL_CERT

0

0

0

 None
CKM_EXTRACT_KEY_FROM_KEY

0

N/A

0

 CK_EXTRACT_PARAMS

CKM_FM_DOWNLOAD

512

2048

4096

 None

CKM_FM_DOWNLOAD_2

1024

2048

4096

 None
CKM_GENERIC_SECRET_KEY_GEN

0

0

None

 None
CKM_IDEA_CBC

16

N/A

16

 8 bytes
CKM_IDEA_CBC_PAD

16

N/A

16

 8 bytes
CKM_IDEA_ECB

16

N/A

16

 None

CKM_IDEA_ECB_PAD

16

N/A

16

 None
CKM_IDEA_KEY_GEN

16

N/A

16

 None
CKM_IDEA_MAC

16

N/A

16

 None
CKM_IDEA_MAC_GENERAL

16

N/A

16

 CK_MAC_GENERAL_PARAMS

CKM_KEY_TRANSLATION

512

N/A

4096

 None

CKM_KEY_WRAP_SET_OAEP

512

1024

4096

 CK_KEY_WRAP_SET_OAEP_PARAMS
CKM_MD2

0

N/A

0

 None
CKM_MD2_HMAC

0

N/A

0

 None
CKM_MD2_HMAC_GENERAL

0

N/A

0

 CK_MAC_GENERAL_PARAMS
CKM_MD2_KEY_DERIVATION

0

N/A

0

 None
CKM_MD2_RSA_PKCS

512

N/A

4096

 None
CKM_MD5

0

N/A

0

 None
CKM_MD5_HMAC

0

N/A

0

 None
CKM_MD5_HMAC_GENERAL

0

N/A

0

 CK_MAC_GENERAL_PARAMS
CKM_MD5_KEY_DERIVATION

0

N/A

0

 None
CKM_MD5_RSA_PKCS

512

N/A

4096

 None
CKM_MILENAGE_DERIVE 16 N/A 16 CK_MILENAGE_DERIVE_PARAMS
CKM_MILENAGE_SIGN 16 N/A 16 CK_MILENAGE_SIGN_PARAMS

CKM_NVB

0

N/A

0

 None

CKM_OS_UPGRADE

1024

1024

4096

 None

CKM_OS_UPGRADE_2

1024

1024

4096

 None
CKM_PBA_SHA1_WITH_SHA1_HMAC

20

N/A

20

 CK_PBE_PARAMS
CKM_PBE_MD2_DES_CBC

8

N/A

8

 CK_PBE_PARAMS
CKM_PBE_MD5_CAST128_CBC
(CKM_PBE_MD5_CAST5_CBC)

16

N/A

16

 CK_PBE_PARAMS
CKM_PBE_MD5_DES_CBC

8

N/A

8

 CK_PBE_PARAMS
CKM_PBE_SHA1_CAST128_CBC
(CKM_PBE_SHA1_CAST5_CBC)

16

N/A

16

 CK_PBE_PARAMS
CKM_PBE_SHA1_DES2_EDE_CBC

16

N/A

16

 CK_PBE_PARAMS
CKM_PBE_SHA1_DES3_EDE_CBC

24

N/A

24

 CK_PBE_PARAMS
CKM_PBE_SHA1_RC2_40_CBC

5

N/A

5

 CK_PBE_PARAMS
CKM_PBE_SHA1_RC2_128_CBC

16

N/A

16

 CK_PBE_PARAMS
CKM_PBE_SHA1_RC4_40

5

N/A

5

 CK_PBE_PARAMS
CKM_PBE_SHA1_RC4_128

16

N/A

16

 CK_PBE_PARAMS

CKM_PKCS12_PBE_EXPORT

1

N/A

None

 CKM_PKCS12_PBE_EXPORT_PARAMS

CKM_PKCS12_PBE_IMPORT

1

N/A

None

 CKM_PKCS12_PBE_IMPORT_PARAMS

CKM_PP_LOAD_SECRET

1

1

None

 CK_PP_LOAD_SECRET_PARAMS
CKM_RC2_CBC

1

N/A

128

 CK_RC2_CBC_PARAMS
CKM_RC2_CBC_PAD

1

N/A

128

 CK_RC2_CBC_PARAMS
CKM_RC2_ECB

1

N/A

128

 CK_RC2_PARAMS

CKM_RC2_ECB_PAD

1

N/A

128

 CK_RC2_PARAMS
CKM_RC2_KEY_GEN

1

N/A

128

 None
CKM_RC2_MAC

1

N/A

128

 CK_RC2_PARAMS
CKM_RC2_MAC_GENERAL

1

N/A

128

 CK_RC2_MAC_GENERAL_PARAMS
CKM_RC4

0

N/A

256

 None
CKM_RC4_KEY_GEN

0

N/A

256

 None
CKM_REPLICATE_TOKEN_RSA_AES

2048

2048

4096

 CK_REPLICATE_TOKEN_PARAMS
CKM_RIPEMD128

0

N/A

0

 None
CKM_RIPEMD128_HMAC

0

N/A

0

 None
CKM_RIPEMD128_HMAC_GENERAL

0

N/A

0

 CK_MAC_GENERAL_PARAMS
CKM_RIPEMD128_RSA_PKCS

512

N/A

4096

 None
CKM_RIPEMD160

0

N/A

0

 None
CKM_RIPEMD160_HMAC

0

N/A

0

 None
CKM_RIPEMD160_HMAC_GENERAL

0

N/A

0

CK_MAC_GENERAL_PARAMS

CKM_RIPEMD160_RSA_PKCS

512

N/A

4096

 None
CKM_RSA_9796

512

N/A

4096

 None
CKM_RSA_FIPS_186_4_PRIME_KEY_PAIR_GEN 2048 2048 4096 CK_ULONG (optional)

CKM_RSA_PKCS

512

2048

4096

 None

CKM_RSA_PKCS_KEY_PAIR_GEN

512

2048

4096

 None

CKM_RSA_PKCS_OAEP

512

2048

4096

 CK_RSA_PKCS_OAEP_PARAMS

CKM_RSA_PKCS_PSS

512

2048

4096

 CK_RSA_PKCS_PSS_PARAMS

CKM_RSA_X_509

512

2048

4096

 None

CKM_RSA_X9_31_KEY_PAIR_GEN

1024

2048

4096

 None

CKM_SECRET_RECOVER_WITH_ATTRIBUTES

0

0

None

 CK_SECRET_SHARE_PARAMS

CKM_SECRET_SHARE_WITH_ATTRIBUTES

0

0

None

 None

CKM_SEED_CBC

16

N/A

16

 16 bytes

CKM_SEED_CBC_PAD

16

N/A

16

 16 bytes

CKM_SEED_ECB

16

N/A

16

 None

CKM_SEED_ECB_PAD

16

N/A

16

 None

CKM_SEED_KEY_GEN

16

N/A

16

 None

CKM_SEED_MAC

16

N/A

16

 None

CKM_SEED_MAC_GENERAL

16

N/A

16

 CK_MAC_GENERAL_PARAMS

CKM_SET_ATTRIBUTES

1024

1024

4096

 None
CKM_SHA1

0

0

0

None
CKM_SHA1_HMAC

0

10

None

 None
CKM_SHA1_HMAC_GENERAL

0

10

None

 CK_MAC_GENERAL_PARAMS
CKM_SHA1_KEY_DERIVATION

0

N/A

0

 None

CKM_SHA1_RSA_PKCS

512

2048

4096

 None

CKM_SHA1_RSA_PKCS_PSS

512

2048

4096

 CK_RSA_PKCS_PSS_PARAMS

CKM_SHA1_RSA_PKCS_TIMESTAMP

512

N/A

4096

 CK_TIMESTAMP_PARAMS
CKM_SHA224

0

0

0

 None
CKM_SHA224_HMAC

0

14

None

 None
CKM_SHA224_HMAC_GENERAL

0

14

None

 CK_MAC_GENERAL_PARAMS
CKM_SHA224_KEY_DERIVATION

0

N/A

0

 None

CKM_SHA224_RSA_PKCS

512

2048

4096

 None

CKM_SHA224_RSA_PKCS_PSS

512

2048

4096

 CK_RSA_PKCS_PSS_PARAMS
CKM_SHA256

0

0

0

 None
CKM_SHA256_HMAC

0

16

None

 None
CKM_SHA256_HMAC_GENERAL

0

16

None

 CK_MAC_GENERAL_PARAMS
CKM_SHA256_KEY_DERIVATION

0

N/A

0

 None

CKM_SHA256_RSA_PKCS

512

2048

4096

 None

CKM_SHA256_RSA_PKCS_PSS

512

2048

4096

 CK_RSA_PKCS_PSS_PARAMS
CKM_SHA384

0

0

0

 None
CKM_SHA384_HMAC

0

24

None

 None
CKM_SHA384_HMAC_GENERAL

0

24

None

 CK_MAC_GENERAL_PARAMS
CKM_SHA384_KEY_DERIVATION

0

N/A

0

 None

CKM_SHA384_RSA_PKCS

640

2048

4096

 None

CKM_SHA384_RSA_PKCS_PSS

640

2048

4096

 CK_RSA_PKCS_PSS_PARAMS
CKM_SHA512

0

0

0

 None
CKM_SHA512_HMAC

0

32

None

 None
CKM_SHA512_HMAC_GENERAL

0

32

None

 CK_MAC_GENERAL_PARAMS
CKM_SHA512_KEY_DERIVATION

0

N/A

0

 None

CKM_SHA512_RSA_PKCS

768

2048

4096

 None

CKM_SHA512_RSA_PKCS_PSS

768

2048

4096

 CK_RSA_PKCS_PSS_PARAMS
CKM_SSL3_KEY_AND_MAC_DERIVE

48

N/A

48

 CK_SSL3_KEY_MAT_PARAMS
CKM_SSL3_MASTER_KEY_DERIVE

48

N/A

48

 CK_SSL3_MASTER_KEY_DERIVE_PARAMS
CKM_SSL3_MD5_MAC

0

0

None

 CK_MAC_GENERAL_PARAMS
CKM_SSL3_PRE_MASTER_KEY_GEN

48

48

48

 CK_VERSION
CKM_SSL3_SHA1_MAC

0

N/A

None

 CK_MAC_GENERAL_PARAMS
CKM_TDEA_TKW 64 N/A 64 None

CKM_VISA_CVV

16

N/A

16

 None

CKM_WRAPKEY_AES_CBC

16

16

32

 None
CKM_WRAPKEY_AES_KWP 128 N/A 256 None

CKM_WRAPKEY_DES3_CBC

0

0

0

 None

CKM_WRAPKEY_DES3_ECB

0

0

0

 None

CKM_WRAPKEYBLOB_AES_CBC

16

16

32

 None

CKM_WRAPKEYBLOB_DES3_CBC

0

0

0

 None

CKM_X9_42_DH_DERIVE

1024

1024

4096

 CK_X9_42_DH1_DERIVE_PARAMS

CKM_X9_42_DH_KEY_PAIR_GEN

1024

1024

4096

 None

CKM_X9_42_DH_PARAMETER_GEN

1024

1024

4096

 None
CKM_XOR_BASE_AND_DATA

0

N/A

None

 CK_KEY_DERIVATION_STRING_DATA

CKM_XOR_BASE_AND_KEY

0

N/A

None

 CK_OBJECT_HANDLE

CKM_ZKA_MDC_2_KEY_DERIVATION

0

N/A

0

 arbitrary byte length

NOTE   Key size limitations specified above may be further limited, depending on the specific operation being performed. For example: CKM_DES3_CBC specifies a 16-byte key as a lower limit, but in FIPS mode, such keys are only allowed for legacy decryption operations and not new encryptions. See the section detailing the relevant mechanism for more information.


Customer Support Portal

SafeNet ProtectToolkit 5.5 Product Documentation  08 January 2020  Copyright 2009-2020 Gemalto. All rights reserved.