Supported Algorithms

Public key encryption and signature algorithms

• RSA public key encryption ("rsaEncryption").
• RSA-KEM key transport algorithm ("kem-rsa" within a "ac-generic-hybrid") [provisonally added in v3.2; withdrawn in v3.4].
• The signature algorithms from PKCS#1, namely:
  • "sha1WithRSAEncryption" (default)
  • "md5WithRSAEncryption"
  • "md2WithRSAEncryption"
  • "sha224WithRSAEncryption"
  • "sha256WithRSAEncryption"
  • "sha384WithRSAEncryption"
  • "sha512WithRSAEncryption"
• The ANSI X9.57 signature algorithm "dsaWithSha1" and DSA public key "DSAPublicKey" for verifying X.509 certificates and CMS SignedData objects only (but inherited DSS parameters are not supported).

Symmetric block cipher algorithms for content encryption

• "des-EDE3-CBC" (default)
• "aes128-CBC"
• "aes192-CBC"
• "aes256-CBC"

In addition, the following algorithm can be read by the CMS_ReadEnvData[ToString] functions:

• "rc2CBC" with 40-bit or 128-bit effective key sizes

Block cipher algorithms for key wrapping

• "aes128-Wrap" (default)
• "aes192-Wrap"
• "aes256-Wrap"
• "cms3DESWrap"

Message digest hash algorithms

• "sha1" or "sha-1" (default)
• "md5"
• "md2"
• "sha224"
• "sha256"
• "sha384"
• "sha512"

We keep MD2 here so we can reproduce the examples from RSA Laboratories' 1993 paper [PKCS-EX] and because we still find the odd X.509 certificate using it. You are recommended to use at least SHA-1 in new applications.

HMAC keyed-hash algorithms

For generating HMAC message authentication codes with the HMAC_ functions.

• "hmacWithSHA1"
• "hmacWithSHA224"
• "hmacWithSHA256"
• "hmacWithSHA384"
• "hmacWithSHA512"
• "hmacWithMD5"

Password-based encryption algorithms

These algorithms from PKCS#5 and PKCS#12 can be used to create PKCS#8 encrypted private key files by the RSA_SaveEncPrivateKey and RSA_MakeKeys functions:

• "pbeWithSHAAnd3-KeyTripleDES-CBC" (default)
• "pbeWithMD5AndDES-CBC"
• "pbeWithMD2AndDES-CBC"
• "pbeWithSHA1AndDES-CBC"
• "pkcs5PBES2" with
  • "des-EDE3-CBC"
  • "aes128-CBC"
  • "aes192-CBC"
  • "aes256-CBC"

In addition to those above, the following algorithms can be read by the RSA_ReadEncPrivateKey function:

• "pkcs5PBES2" with "desCBC"
• "pkcs5PBES2" with "rc2CBC"
• "pbeWithSHAAnd128BitRC2-CBC"
• "pbeWithSHAAnd40BitRC2-CBC"
• "pbeWithMD5AndRC2-CBC"
• "pbeWithMD2AndRC2-CBC"
• "pbeWithSHA1AndRC2-CBC"

RSA Key Formats

Supported formats for RSA keys are as per PKCS#1 and PKCS#8.

• "RSAPublicKey (default for public keys)
• "PrivateKeyInfo" with "rsaEncryption"
• "EncryptedPrivateKeyInfo" with "rsaEncryption" (default for private keys)

XML format to XKMS 2.0 is also supported.

CMS Content Types

• EnvelopedData content type (CMS version 0) with EncryptedContentInfo.
• SignedData content types (CMS version 1) with optional signed attributes:
  • CMS objects of type SignedData suitable for use in S/MIME "application/pkcs7-mime" messages.
  • "Detached signature" CMS SignedData objects suitable to use in S/MIME "multipart/signed" messages.
  • Degenerate SignedData "certs-only" messages, a.k.a. PKCS#7 certificate chains.

Only CMS objects with an id-data inner content type are supported. The RecipientIdentifier must be issuerAndSerialNumber.

X.509 Certificates

• You can create your own X.509 certificates as either Version 1 or Version 3 (default).
• You can create a self-signed CA certificate and use this to create your own internal chain of signed certificates.
• A Certificate Signing Request (CSR) file can be created to be submitted to the CA of your choice.
• The most commonly used options for X.509 distinguished names are provided: see Specifying Distinguished Names.
• Optional key usage extensions and rfc822Name subject alternative name extension can be added.
• [New in v3.5] X.509 certificate revocation lists (CRLs) can be read and version 1 CRLs can be created.
• Unicode character sets like UniversalString and BMPString are not supported, but UTF8 is.