This page describes the algorithms supported by Fortanix Self-Defending Key Management Service (KMS).
| Algorithm | Model/Method | Key lengths, Curves, or Moduli | Use |
|---|---|---|---|
| AES | ECB, CBC, CFB, CTR, GCM, CCM, OFB, KW, KWP, CMAC | 128, 192, or 256 bits | Data Encryption/Decryption, Key Wrapping/Unwrapping, and Key Derivation |
| ECDSA | Hash algorithms used in sign/verify: SHA-1, SHA-256, SHA-384, SHA-512, SSL3, Blake2b (256, 384, 512), Blake2s-256 | P-192, P-224, P-256, P-384, P-521, SecP192K1, SecP224K1, SecP256K1 | Digital Signature Generation and Verification |
| ECDH | P-192, P-224, P-256, P-384, P-521, SecP192K1, SecP224K1, SecP256K1 | Key Exchange | |
| RSA |
Encryption: PKCS1 v1.5, OAEP Sign/Verify: PKCS1 v1.5, PSS Hash algorithms used in sign/verify: SHA-1, SHA-256, SHA-384, SHA-512, SSL3, Blake2b (256, 384, 512), Blake2s-256 |
Between 1024 and 8192 bits | Data Encryption/Decryption, Digital Signature Generation and Verification |
| DES | ECB, CBC | 56 bits | Data Encryption/Decryption, Key Wrapping/Unwrapping, and Key Derivation |
| 3DES | ECB, CBC | 168 bits | Data Encryption/Decryption, Key Wrapping/Unwrapping, and Key Derivation |
| HMAC |
HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512 |
Between 128 and 512 bits | Message Authentication |
| SHS | SHA-1, SHA-256, SHA-384, SHA-512, RIPEMD-160 | Message Digest | |
| Blockchain | Bitcoin, Bitcoin Cash, Litecoin, Ethereum | SecP256K1 | Transaction Signing and HD Wallet Key Derivation (BIP-32) |