Please note A caution about insecure default algorithms.
"rsaEncryption")."sha1WithRSAEncryption" (RSA-SHA1) (default)"sha224WithRSAEncryption" (RSA-SHA224)"sha256WithRSAEncryption" (RSA-SHA256) [minimum recommended]"sha384WithRSAEncryption" (RSA-SHA384)"sha512WithRSAEncryption" (RSA-SHA512)"md5WithRSAEncryption" (RSA-MD5) [legacy, not recommended for new implementations]"md2WithRSAEncryption" [legacy, definitely not recommended]"rsaPSS" and the RSAES-OAEP encryption scheme with the following hash algorithms:
"sha1" (RSA-PSS-SHA1)"sha224" (RSA-PSS-SHA224)"sha256" (RSA-PSS-SHA256)"sha384" (RSA-PSS-SHA384)"sha512" (RSA-PSS-SHA512)"dsaWithSha1" and
DSA public key "DSAPublicKey" for verifying X.509 certificates and CMS SignedData objects only
(but inherited DSS parameters are not supported).ecdsaWithSHA1 (ECDSA-SHA1)ecdsaWithSHA224 (ECDSA-SHA224)ecdsaWithSHA256 (ECDSA-SHA256) [minimum recommended]ecdsaWithSHA384 (ECDSA-SHA384)ecdsaWithSHA512 (ECDSA-SHA512)P-192, also known as secp192r1 and prime192v1P-224, also known as secp224r1P-256, also known as secp256r1 and prime256v1 [minimum recommended]P-384, also known as secp384r1P-512, also known as secp512r1secp256k1 (the Bitcoin curve) brainpoolP256r1 [RFC5639]brainpoolP384r1 [RFC5639]brainpoolP512r1 [RFC5639]"des-EDE3-CBC" (default)"aes128-CBC" [minimum recommended]"aes192-CBC""aes256-CBC"In addition, the following algorithm can be read by the CMS_ReadEnvData[ToString] functions:
"rc2CBC" with 40-bit or 128-bit effective key sizes"aes128-Wrap" (default)"aes192-Wrap""aes256-Wrap""cms3DESWrap""sha1" or "sha-1" (default)"sha224""sha256" [minimum recommended]"sha384""sha512""md5""md2""ripemd160"We keep MD2 here so we can reproduce the examples from RSA Laboratories' 1993 paper [PKCS-EX] and to do tests with some (very old) X.509 certificates. You are recommended to use at least SHA-256 in new applications.
For generating HMAC message authentication codes with the HMAC_ functions.
"hmacWithSHA1""hmacWithSHA224""hmacWithSHA256" [minimum recommended]"hmacWithSHA384""hmacWithSHA512""hmacWithMD5" [legacy, not recommended for new applications]These algorithms from PKCS#5 and PKCS#12 can be used to create PKCS#8 encrypted private key files:
"pbeWithSHAAnd3-KeyTripleDES-CBC" (default)"pkcs5PBES2" using the pkcs5PBKDF2 key derivation function with encryption algorithms:
"des-EDE3-CBC""aes128-CBC" [minimum recommended]"aes192-CBC""aes256-CBC""pbeWithMD5AndDES-CBC" [legacy, not recommended for new applications]"pbeWithMD2AndDES-CBC" [legacy, not recommended for new applications]"pbeWithSHA1AndDES-CBC" [legacy, not recommended for new applications]In addition to those above, the following legacy algorithms can be read by the RSA_ReadEncPrivateKey function:
"pkcs5PBES2" using pkcs5PBKDF2 with "desCBC""pkcs5PBES2" using pkcs5PBKDF2 with "rc2CBC""pbeWithSHAAnd128BitRC2-CBC""pbeWithSHAAnd40BitRC2-CBC""pbeWithMD5AndRC2-CBC""pbeWithMD2AndRC2-CBC""pbeWithSHA1AndRC2-CBC""EncryptedPrivateKeyInfo" (default for private keys)"RSAPublicKey" (default for public keys)"PrivateKeyInfo""RSAPrivateKey" (OpenSSL private key file format)"SubjectPublicKeyInfo" (OpenSSL public key file format)The above key values can be passed as (a) a binary DER-encoded ASN.1 file, (b) a text file in PEM format, (c) a string containing the key in PEM format.
Also supported are RSA private and public keys represented in XML format to XKMS 2.0 [XKMS] and JSON Web Key (JWK) format [JWK]. For more details, see Key Storage Format.
EncryptedPrivateKeyInfo using "id-ecPublicKey" (default for private keys)PrivateKeyInfoECPrivateKey from [RFC5915]SubjectPublicKeyInfo from [RFC5480] for public keys (default)These elliptic curve key values can be passed as (a) a binary DER-encoded ASN.1 file, (b) a text file in PEM format, (c) a string containing the key in PEM format.