SafeNet ProtectToolkit-C Mechanisms

Characteristics of all SafeNet ProtectToolkit-C mechanisms are summarized in the pages that follow. Both PKCS #11 standard mechanisms and Gemalto-proprietary mechanisms are included.

Available Mechanisms contains a full list of available mechanisms and a secondary list of mechanisms that are available in FIPS Mode. Continue to the individual mechanism pages for full descriptions.

NOTE   Functions in bold are Gemalto-proprietary. See also Vendor-Defined Error Codes.

Table 1: Available Mechanisms
All Mechanisms FIPS Mode Mechanisms
CKM_AES_CBC CKM_AES_CBC
CKM_AES_CBC_ENCRYPT_DATA Not available
CKM_AES_CBC_PAD CKM_AES_CBC_PAD
CKM_AES_CMAC CKM_AES_CMAC
CKM_AES_CMAC_GENERAL CKM_AES_CMAC_GENERAL
CKM_AES_ECB CKM_AES_ECB
CKM_AES_ECB_ENCRYPT_DATA Not available
CKM_AES_GCM CKM_AES_GCM
CKM_AES_KEY_GEN CKM_AES_KEY_GEN
CKM_AES_KEY_WRAP CKM_AES_KEY_WRAP
CKM_AES_KEY_WRAP_PAD CKM_AES_KEY_WRAP_PAD
CKM_AES_KW CKM_AES_KW
CKM_AES_KWP CKM_AES_KWP
CKM_AES_MAC Not available
CKM_AES_MAC_GENERAL Not available
CKM_AES_OFB CKM_AES_OFB
CKM_ARDFP Not available
CKM_ARIA_CBC Not available
CKM_ARIA_CBC_PAD Not available
CKM_ARIA_ECB Not available
CKM_ARIA_KEY_GEN Not available
CKM_ARIA_MAC Not available
CKM_ARIA_MAC_GENERAL Not available
CKM_BIP32_CHILD_DERIVE Not available
CKM_BIP32_MASTER_DERIVE Not available
CKM_CAST128_CBC
(CKM_CAST5_CBC)
Not available
CKM_CAST128_CBC_PAD
(CKM_CAST5_CBC_PAD)
Not available
CKM_CAST128_ECB
(CKM_CAST5_ECB)
Not available
CKM_CAST128_ECB_PAD Not available
CKM_CAST128_KEY_GEN
(CKM_CAST5_KEY_GEN)
Not available
CKM_CAST128_MAC
(CKM_CAST5_MAC)
Not available
CKM_CAST128_MAC_GENERAL
(CKM_CAST5_MAC_GENERAL)
Not available
CKM_CONCATENATE_BASE_AND_DATA Not available
CKM_CONCATENATE_BASE_AND_KEY Not available
CKM_CONCATENATE_DATA_AND_BASE Not available
CKM_DECODE_PKCS_7 CKM_DECODE_PKCS_7
CKM_DECODE_X_509 CKM_DECODE_X_509
CKM_DES_BCF Not available
CKM_DES_CBC Not available
CKM_DES_CBC_ENCRYPT_DATA Not available
CKM_DES_CBC_PAD Not available
CKM_DES_DERIVE_CBC Not available
CKM_DES_DERIVE_ECB Not available
CKM_DES_ECB Not available
CKM_DES_ECB_ENCRYPT_DATA Not available
CKM_DES_ECB_PAD Not available
CKM_DES_KEY_GEN Not available
CKM_DES_MAC Not available
CKM_DES_MAC_GENERAL Not available
CKM_DES_MDC_2_PAD1 Not available
CKM_DES_OFB64 Not available
CKM_DES2_KEY_GEN CKM_DES2_KEY_GEN
CKM_DES3_BCF Not available
CKM_DES3_CBC CKM_DES3_CBC
CKM_DES3_CBC_ENCRYPT_DATA Not available
CKM_DES3_CBC_PAD CKM_DES3_CBC_PAD
CKM_DES3_CMAC CKM_DES3_CMAC
CKM_DES3_CMAC_GENERAL CKM_DES3_CMAC_GENERAL
CKM_DES3_DDD_CBC Not available
CKM_DES3_DERIVE_CBC_DEPRECATED Not available
CKM_DES3_DERIVE_ECB_DEPRECATED Not available
CKM_DES3_ECB CKM_DES3_ECB
CKM_DES3_ECB_ENCRYPT_DATA Not available
CKM_DES3_ECB_PAD CKM_DES3_ECB_PAD
CKM_DES3_KEY_GEN CKM_DES3_KEY_GEN
CKM_DES3_MAC CKM_DES3_MAC
CKM_DES3_MAC_GENERAL CKM_DES3_MAC_GENERAL
CKM_DES3_OFB64 CKM_DES3_OFB64
CKM_DES3_RETAIL_CFB_MAC CKM_DES3_RETAIL_CFB_MAC
CKM_DES3_X919_MAC CKM_DES3_X919_MAC
CKM_DES3_X919_MAC_GENERAL CKM_DES3_X919_MAC_GENERAL
CKM_DH_PKCS_DERIVE CKM_DH_PKCS_DERIVE
CKM_DH_PKCS_KEY_PAIR_GEN CKM_DH_PKCS_KEY_PAIR_GEN
CKM_DH_PKCS_PARAMETER_GEN CKM_DH_PKCS_PARAMETER_GEN
CKM_DSA CKM_DSA
CKM_DSA_KEY_PAIR_GEN CKM_DSA_KEY_PAIR_GEN
CKM_DSA_PARAMETER_GEN CKM_DSA_PARAMETER_GEN
CKM_DSA_SHA1 CKM_DSA_SHA1
CKM_DSA_SHA1_PKCS CKM_DSA_SHA1_PKCS
CKM_DSA_SHA224 CKM_DSA_SHA224
CKM_DSA_SHA224_PKCS CKM_DSA_SHA224_PKCS
CKM_DSA_SHA256 CKM_DSA_SHA256
CKM_DSA_SHA256_PKCS CKM_DSA_SHA256_PKCS
CKM_EC_KEY_PAIR_GEN CKM_EC_KEY_PAIR_GEN
CKM_ECDH1_DERIVE CKM_ECDH1_DERIVE
CKM_ECDSA CKM_ECDSA
CKM_ECDSA_GBCS_SHA256 CKM_ECDSA_GBCS_SHA256
CKM_ECDSA_SHA1 CKM_ECDSA_SHA1
CKM_ECDSA_SHA3_224 CKM_ECDSA_SHA3_224
CKM_ECDSA_SHA3_256 CKM_ECDSA_SHA3_256
CKM_ECDSA_SHA3_384 CKM_ECDSA_SHA3_384
CKM_ECDSA_SHA3_512 CKM_ECDSA_SHA3_512
CKM_ECDSA_SHA224 CKM_ECDSA_SHA224
CKM_ECDSA_SHA256 CKM_ECDSA_SHA256
CKM_ECDSA_SHA384 CKM_ECDSA_SHA384
CKM_ECDSA_SHA512 CKM_ECDSA_SHA512
CKM_ECIES Not available
CKM_ENCODE_ATTRIBUTES CKM_ENCODE_ATTRIBUTES
CKM_ENCODE_PKCS_10 CKM_ENCODE_PKCS_10
CKM_ENCODE_PUBLIC_KEY CKM_ENCODE_PUBLIC_KEY
CKM_ENCODE_X_509 CKM_ENCODE_X_509
CKM_ENCODE_X_509_LOCAL_CERT CKM_ENCODE_X_509_LOCAL_CERT
CKM_EXTRACT_KEY_FROM_KEY Not available
CKM_GENERIC_SECRET_KEY_GEN CKM_GENERIC_SECRET_KEY_GEN
CKM_IDEA_CBC Not available
CKM_IDEA_CBC_PAD Not available
CKM_IDEA_ECB Not available
CKM_IDEA_ECB_PAD Not available
CKM_IDEA_KEY_GEN Not available
CKM_IDEA_MAC Not available
CKM_IDEA_MAC_GENERAL Not available
CKM_KEY_TRANSLATION Not available
CKM_KEY_WRAP_SET_OAEP CKM_KEY_WRAP_SET_OAEP
CKM_MD2 Not available
CKM_MD2_HMAC Not available
CKM_MD2_HMAC_GENERAL Not available
CKM_MD2_KEY_DERIVATION Not available
CKM_MD2_RSA_PKCS Not available
CKM_MD5 Not available
CKM_MD5_HMAC Not available
CKM_MD5_HMAC_GENERAL Not available
CKM_MD5_KEY_DERIVATION Not available
CKM_MD5_RSA_PKCS Not available
CKM_MILENAGE_DERIVE Not available
CKM_MILENAGE_SIGN Not available
CKM_NVB Not available
CKM_PBA_SHA1_WITH_SHA1_HMAC Not available
CKM_PBE_MD2_DES_CBC Not available
CKM_PBE_MD5_CAST128_CBC
(CKM_PBE_MD5_CAST5_CBC)
Not available
CKM_PBE_MD5_DES_CBC Not available
CKM_PBE_SHA1_CAST128_CBC
(CKM_PBE_SHA1_CAST5_CBC)
Not available
CKM_PBE_SHA1_DES2_EDE_CBC Not available
CKM_PBE_SHA1_DES3_EDE_CBC Not available
CKM_PBE_SHA1_RC2_40_CBC Not available
CKM_PBE_SHA1_RC2_128_CBC Not available
CKM_PBE_SHA1_RC4_40 Not available
CKM_PBE_SHA1_RC4_128 Not available
CKM_PKCS12_PBE_EXPORT Not available
CKM_PKCS12_PBE_IMPORT Not available
CKM_PP_LOAD_SECRET CKM_PP_LOAD_SECRET
CKM_RC2_CBC Not available
CKM_RC2_CBC_PAD Not available
CKM_RC2_ECB Not available
CKM_RC2_ECB_PAD Not available
CKM_RC2_KEY_GEN Not available
CKM_RC2_MAC Not available
CKM_RC2_MAC_GENERAL Not available
CKM_RC4 Not available
CKM_RC4_KEY_GEN Not available
CKM_REPLICATE_TOKEN_RSA_AES CKM_REPLICATE_TOKEN_RSA_AES
CKM_RIPEMD128 Not available
CKM_RIPEMD128_HMAC Not available
CKM_RIPEMD128_HMAC_GENERAL Not available
CKM_RIPEMD128_RSA_PKCS Not available
CKM_RIPEMD160 Not available
CKM_RIPEMD160_HMAC Not available
CKM_RIPEMD160_HMAC_GENERAL Not available
CKM_RIPEMD160_RSA_PKCS Not available
CKM_RSA_9796 Not available
CKM_RSA_FIPS_186_4_PRIME_KEY_PAIR_GEN CKM_RSA_FIPS_186_4_PRIME_KEY_PAIR_GEN
CKM_RSA_PKCS CKM_RSA_PKCS
CKM_RSA_PKCS_KEY_PAIR_GEN CKM_RSA_PKCS_KEY_PAIR_GEN
CKM_RSA_PKCS_OAEP CKM_RSA_PKCS_OAEP
CKM_RSA_PKCS_PSS CKM_RSA_PKCS_PSS
CKM_RSA_X_509 Not available
CKM_RSA_X9_31_KEY_PAIR_GEN CKM_RSA_X9_31_KEY_PAIR_GEN
CKM_SECRET_RECOVER_WITH_ATTRIBUTES CKM_SECRET_RECOVER_WITH_ATTRIBUTES
CKM_SECRET_SHARE_WITH_ATTRIBUTES CKM_SECRET_SHARE_WITH_ATTRIBUTES
CKM_SEED_CBC Not available
CKM_SEED_CBC_PAD Not available
CKM_SEED_ECB Not available
CKM_SEED_ECB_PAD Not available
CKM_SEED_KEY_GEN Not available
CKM_SEED_MAC Not available
CKM_SEED_MAC_GENERAL Not available
CKM_SET_ATTRIBUTES CKM_SET_ATTRIBUTES
CKM_SHA1 CKM_SHA1
CKM_SHA1_HMAC CKM_SHA1_HMAC
CKM_SHA1_HMAC_GENERAL CKM_SHA1_HMAC_GENERAL
CKM_SHA1_KEY_DERIVATION Not available
CKM_SHA1_RSA_PKCS CKM_SHA1_RSA_PKCS
CKM_SHA1_RSA_PKCS_PSS CKM_SHA1_RSA_PKCS_PSS
CKM_SHA1_RSA_PKCS_TIMESTAMP Not available
CKM_SHA3_224 CKM_SHA3_224
CKM_SHA3_224_HMAC CKM_SHA3_224_HMAC
CKM_SHA3_224_HMAC_GENERAL CKM_SHA3_224_HMAC_GENERAL
CKM_SHA3_224_KEY_DERIVE Not available
CKM_SHA3_224_RSA_PKCS CKM_SHA3_224_RSA_PKCS
CKM_SHA3_224_RSA_PKCS_PSS CKM_SHA3_224_RSA_PKCS_PSS
CKM_SHA3_256 CKM_SHA3_256
CKM_SHA3_256_HMAC CKM_SHA3_256_HMAC
CKM_SHA3_256_HMAC_GENERAL CKM_SHA3_256_HMAC_GENERAL
CKM_SHA3_256_KEY_DERIVE Not available
CKM_SHA3_256_RSA_PKCS CKM_SHA3_256_RSA_PKCS
CKM_SHA3_256_RSA_PKCS_PSS CKM_SHA3_256_RSA_PKCS_PSS
CKM_SHA3_384 CKM_SHA3_384
CKM_SHA3_384_HMAC CKM_SHA3_384_HMAC
CKM_SHA3_384_HMAC_GENERAL CKM_SHA3_384_HMAC_GENERAL
CKM_SHA3_384_KEY_DERIVE Not available
CKM_SHA3_384_RSA_PKCS CKM_SHA3_384_RSA_PKCS
CKM_SHA3_384_RSA_PKCS_PSS CKM_SHA3_384_RSA_PKCS_PSS
CKM_SHA3_512 CKM_SHA3_512
CKM_SHA3_512_HMAC CKM_SHA3_512_HMAC
CKM_SHA3_512_HMAC_GENERAL CKM_SHA3_512_HMAC_GENERAL
CKM_SHA3_512_KEY_DERIVE Not available
CKM_SHA3_512_RSA_PKCS CKM_SHA3_512_RSA_PKCS
CKM_SHA3_512_RSA_PKCS_PSS CKM_SHA3_512_RSA_PKCS_PSS
CKM_SHA224 CKM_SHA224
CKM_SHA224_HMAC CKM_SHA224_HMAC
CKM_SHA224_HMAC_GENERAL CKM_SHA224_HMAC_GENERAL
CKM_SHA224_KEY_DERIVATION Not available
CKM_SHA224_RSA_PKCS CKM_SHA224_RSA_PKCS
CKM_SHA224_RSA_PKCS_PSS CKM_SHA224_RSA_PKCS_PSS
CKM_SHA256 CKM_SHA256
CKM_SHA256_HMAC CKM_SHA256_HMAC
CKM_SHA256_HMAC_GENERAL CKM_SHA256_HMAC_GENERAL
CKM_SHA256_KEY_DERIVATION Not available
CKM_SHA256_RSA_PKCS CKM_SHA256_RSA_PKCS
CKM_SHA256_RSA_PKCS_PSS CKM_SHA256_RSA_PKCS_PSS
CKM_SHA384 CKM_SHA384
CKM_SHA384_HMAC CKM_SHA384_HMAC
CKM_SHA384_HMAC_GENERAL CKM_SHA384_HMAC_GENERAL
CKM_SHA384_KEY_DERIVATION Not available
CKM_SHA384_RSA_PKCS CKM_SHA384_RSA_PKCS
CKM_SHA384_RSA_PKCS_PSS CKM_SHA384_RSA_PKCS_PSS
CKM_SHA512 CKM_SHA512
CKM_SHA512_HMAC CKM_SHA512_HMAC
CKM_SHA512_HMAC_GENERAL CKM_SHA512_HMAC_GENERAL
CKM_SHA512_KEY_DERIVATION Not available
CKM_SHA512_RSA_PKCS CKM_SHA512_RSA_PKCS
CKM_SHA512_RSA_PKCS_PSS CKM_SHA512_RSA_PKCS_PSS
CKM_SSL3_KEY_AND_MAC_DERIVE Not available
CKM_SSL3_MASTER_KEY_DERIVE Not available
CKM_SSL3_MD5_MAC Not available
CKM_SSL3_PRE_MASTER_KEY_GEN CKM_SSL3_PRE_MASTER_KEY_GEN
CKM_SSL3_SHA1_MAC Not available
CKM_TDEA_TKW CKM_TDEA_TKW
CKM_VISA_CVV Not available
CKM_WRAPKEY_AES_CBC CKM_WRAPKEY_AES_CBC
CKM_WRAPKEY_AES_KWP CKM_WRAPKEY_AES_KWP
CKM_WRAPKEY_DES3_CBC CKM_WRAPKEY_DES3_CBC
CKM_WRAPKEY_DES3_ECB CKM_WRAPKEY_DES3_ECB
CKM_WRAPKEYBLOB_AES_CBC CKM_WRAPKEYBLOB_AES_CBC
CKM_WRAPKEYBLOB_DES3_CBC CKM_WRAPKEYBLOB_DES3_CBC
CKM_X9_42_DH_DERIVE CKM_X9_42_DH_DERIVE
CKM_X9_42_DH_KEY_PAIR_GEN CKM_X9_42_DH_KEY_PAIR_GEN
CKM_X9_42_DH_PARAMETER_GEN CKM_X9_42_DH_PARAMETER_GEN
CKM_XOR_BASE_AND_DATA Not available
CKM_XOR_BASE_AND_KEY Not available
CKM_ZKA_MDC_2_KEY_DERIVATION Not available

NOTE   Key size limitations specified above may be further limited, depending on the specific operation being performed. For example: CKM_DES3_CBC specifies a 16-byte key as a lower limit, but in FIPS mode, such keys are only allowed for legacy decryption operations and not new encryptions. See the section detailing the relevant mechanism for more information.