.. hsm2-algorithms.rst

.. _hsm2-concepts-algorithms-label:

==================================================
YubiHSM Algorithms
==================================================

The following table lists the algorithm names to use with YubiHSM Shell for the algorithms supported by YubiHSM 2. The table includes the externally common name, the YubiHSM Shell name, and common usage.

.. table::

    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | Name                        | yubihsm-shell name           | EC Curve       | Value | Usage             |
    +=============================+==============================+================+=======+===================+
    | AES 128                     | aes128                       |                |       |                   |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | AES 192                     | aes192                       |                |       |                   |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | AES 256                     | aes256                       |                |       |                   |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | AES CBC                     | aes-cbc                      |                |       |                   |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | AES ECB                     | aes-ecb                      |                |       |                   |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | AES128 CCM WRAP             | aes128-ccm-wrap              |                | 29    | Generate Wrap key |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | AES192 CCM WRAP             | aes192-ccm-wrap              |                | 41    || Generate and      |
    |                             |                              |                |       || store wrap key    |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | AES256 CCM WRAP             | aes256-ccm-wrap              |                | 43    || Generate and      |
    |                             |                              |                |       || store wrap key    |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | AES KWP                     | aes-kwp                      |                | 55    | Internal use only |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | EC BP256                    | ecbp256                      | brainpool256r1 | 15    | Generate EC key   |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | EC BP384                    | ecbp384                      | brainpool384r1 | 16    | Generate EC key   |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | EC BP512                    | ecbp512                      | brainpool512r1 | 17    | Generate EC key   |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | EC ECDH                     | ecdh                         |                | 24    |                   |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | EC K256                     | eck256                       | secp256k1      | 15    | Generate EC key   |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | EC P224                     | ecp224                       | secp224r1      | 12    | Generate EC key   |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | EC P256                     | ecp256                       | secp256r1      | 13    | Generate EC key   |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | EC P384                     | ecp384                       | secp384r1      | 14    | Generate EC key   |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | EC P521                     | ecp521                       | secp521r1      | 47    | Generate EC key   |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | ECDSA SHA1                  | ecdsa-sha1                   |                | 23    | ECDSA sign        |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | ECDSA SHA256                | ecdsa-sha256                 |                | 43    | ECDSA sign        |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | ECDSA SHA384                | ecdsa-sha384                 |                | 44    | ECDSA sign        |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | ECDSA SHA512                | ecdsa-sha512                 |                | 45    | ECDSA sign        |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | ED25519                     | ed25519                      |                | 46    | Generate ED key   |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | HMAC SHA1                   | hmac-sha1                    |                | 19    | Generate HMAC key |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | HMAC SHA256                 | hmac-sha256                  |                | 20    | Generate HMAC key |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | HMAC SHA384                 | hmac-sha384                  |                | 21    | Generate HMAC key |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | HMAC SHA512                 | hmac-sha512                  |                | 22    | Generate HMAC key |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | MGF1 SHA1                   | mgf1-sha1                    |                | 32    || RSA sign with     |
    |                             |                              |                |       || PSS and RSA       |
    |                             |                              |                |       || decrypt with OAEP|
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | MGF1 SHA256                 | mgf1-sha256                  |                | 33    || RSA sign with     |
    |                             |                              |                |       || PSS and RSA       |
    |                             |                              |                |       || decrypt with OAEP|
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | MGF1 SHA384                 | mgf1-sha384                  |                | 34    || RSA sign with     |
    |                             |                              |                |       || PSS and RSA       |
    |                             |                              |                |       || decrypt with OAEP|
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | MGF1 SHA512                 | mgf1-sha512                  |                | 35    || RSA sign with     |
    |                             |                              |                |       || PSS and RSA       |
    |                             |                              |                |       || decrypt with OAEP|
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | Opaque Data                 | opaque-data                  |                | 30    || Store raw data    |
    |                             |                              |                |       || as an opaque      |
    |                             |                              |                |       || object            |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | Opaque X509 Certificate     | opaque-x509-certificate      |                | 31    || Store             |
    |                             |                              |                |       || X509Certificate   |
    |                             |                              |                |       || as an opaque      |
    |                             |                              |                |       || object            |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | RSA 2048                    | rsa2048                      |                | 9     | Generate RSA key  |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | RSA 3072                    | rsa3072                      |                | 10    | Generate RSA key  |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | RSA 4096                    | rsa4096                      |                | 11    | Generate RSA key  |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | RSA OAEP SHA1               | rsa-oaep-sha1                |                | 25    || RSA decrypt with  |
    |                             |                              |                |       || OAEP              |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | RSA OAEP SHA256             | rsa-oaep-sha256              |                | 26    || RSA decrypt with  |
    |                             |                              |                |       || OAEP              |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | RSA OAEP SHA384             | rsa-oaep-sha384              |                | 27    || RSA decrypt with  |
    |                             |                              |                |       || OAEP              |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | RSA OAEP SHA512             | rsa-oaep-sha512              |                | 28    || RSA decrypt with  |
    |                             |                              |                |       || OAEP              |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | RSA PKCS1 SHA1              | rsa-pkcs1-sha1               |                | 1     || RSA sign with     |
    |                             |                              |                |       || PKCS1.5           |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | RSA PKCS1 SHA256            | rsa-pkcs1-sha256             |                | 2     || RSA sign with     |
    |                             |                              |                |       || PKCS1.5           |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | RSA PKCS1 SHA384            | rsa-pkcs1-sha384             |                | 3     || RSA sign with     |
    |                             |                              |                |       || PKCS1.5           |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | RSA PKCS1 SHA512            | rsa-pkcs1-sha512             |                | 4     || RSA sign with     |
    |                             |                              |                |       || PKCS1.5           |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | RSA PSS SHA1                | rsa-pss-sha1                 |                | 5     | RSA sign with PSS |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | RSA PSS SHA256              | rsa-pss-sha256               |                | 6     | RSA sign with PSS |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | RSA PSS SHA384              | rsa-pss-sha384               |                | 7     | RSA sign with PSS |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | RSA PSS SHA512              | rsa-pss-sha512               |                | 8     | RSA sign with PSS |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | SSH Template                | template-ssh                 |                | 36    || Store an SSH      |
    |                             |                              |                |       || template (a       |
    |                             |                              |                |       || binary object     |
    |                             |                              |                |       || used to restrict  |
    |                             |                              |                |       || how and when an   |
    |                             |                              |                |       || SSH CA private    |
    |                             |                              |                |       || key should be     |
    |                             |                              |                |       || used)             |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | Yubico AES Authentication   | aes128-yubico-authentication |                | 38    || Store             |
    |                             |                              |                |       || authentication    |
    |                             |                              |                |       || key               |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    || Yubico Asymmetric          | ecp256-yubico-authentication |                |       |                   |
    || Authentication             |                              |                |       |                   |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | Yubico OTP AES128           | aes128-yubico-otp            |                | 37    || Generate OTP AEAD|
    |                             |                              |                |       || key               |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | Yubico OTP AES192           | aes192-yubico-otp            |                | 39    || Generate OTP AEAD|
    |                             |                              |                |       || key               |
    +-----------------------------+------------------------------+----------------+-------+-------------------+
    | Yubico OTP AES256           | aes256-yubico-otp            |                | 40    || Generate OTP AEAD|
    |                             |                              |                |       || key               |
    +-----------------------------+------------------------------+----------------+-------+-------------------+