Algorithm Support

SHA1withRSA

RSASSA-PKCS_v1.5 using SHA1

SHA224withRSA

RSASSA-PKCS_v1.5 using SHA224

SHA256withRSA

RSASSA-PKCS_v1.5 using SHA256

SHA384withRSA

RSASSA-PKCS_v1.5 using SHA384

SHA512withRSA

RSASSA-PKCS_v1.5 using SHA512

NONEwithRSA

RSASSA-PKCS_v1.5

Depending on the Signer. Generally only supported by

.

SHA1withRSAandMGF1

RSASSA-PSS using SHA1

SHA224withRSAandMGF1

RSASSA-PSS using SHA224

SHA256withRSAandMGF1

RSASSA-PSS using SHA256

SHA384withRSAandMGF1

RSASSA-PSS using SHA384

SHA512withRSAandMGF1

RSASSA-PSS using SHA512

NONEwithRSAandMGF1

RSASSA-PSS

Not supported by Java/SunPKCS11.

SHA1withECDSA

ECDSA using SHA1

SHA224withECDSA

ECDSA using SHA224

SHA256withECDSA

ECDSA using SHA256

SHA384withECDSA

ECDSA using SHA384

SHA512withECDSA

ECDSA using SHA512

NONEwithECDSA

ECDSA

Depending on the Signer. Generally only supported by

.

RSA

1024
2048
4096

Other key lengths are likely also working.

ECDSA

Named curves:

• secp256r1 / prime256v1 / P-256

• secp384r1

• secp521r1

More named curves are likely working.

ECDSA

Explicit Parameters

A signer can be configured using the EXPLICTECC parameter (see Other Properties) to encode the EC parameters explicitly in the request. This goes for the supported named curves but a named curve is still needed when generating the key-pair.

But certificates with explicit EC parameters can no be read from the token.

If the token contains certificates with explicit parameters the token can not be used by this crypto token until those certificates has been removed!

Instead store the certificates in the worker configuration and certificates with explicit EC parameters can be used that way.

AES

128
256