EU FIPS Mechanism Summary

The following table provides a summary of all of the supported mechanisms for all FIPS Luna Cloud HSM Services in the EU region.

Mechanism	FIPS Approved?	Supported Functions	Functions Restricted from FIPS Use	Min Key Length (bits)	Min Key Length for FIPS Use (bits)	Min Legacy Key Length for FIPS Use (bits)	Max Key Length (bits)	Block Size	Digest Size	Key Types	Algorithms	Modes	Flags
CKM_AES_CBC	Yes	Encrypt \| Decrypt \| Wrap \| Unwrap	Cannot wrap	128	128	N/A	256	16	0	AES	AES	CBC	Extractable
CKM_AES_CBC_ENCRYPT_DATA	Yes	Derive	None	128	128	N/A	256	0	0	AES	None	None	None
CKM_AES_CBC_PAD	Yes	Encrypt \| Decrypt \| Wrap \| Unwrap	Cannot wrap	128	128	N/A	256	16	0	AES	AES	CBC_PAD	Extractable
CKM_AES_CFB8	Yes	Encrypt \| Decrypt	None	128	128	N/A	256	16	1	AES	AES	CFB	Extractable
CKM_AES_CFB128	Yes	Encrypt \| Decrypt	None	128	128	N/A	256	16	16	AES	AES	CFB	Extractable
CKM_AES_CMAC	Yes	Sign \| Verify	None	128	128	N/A	256	16	0	AES	AES	MAC	Extractable \| CMAC
CKM_AES_CMAC_GENERAL	Yes	Sign \| Verify	None	128	128	N/A	256	16	0	AES	AES	MAC	Extractable \| CMAC
CKM_AES_CTR	Yes	Encrypt \| Decrypt \| Wrap \| Unwrap	Cannot wrap	128	128	N/A	256	16	0	AES	AES	CTR	Extractable
CKM_AES_ECB	Yes	Encrypt \| Decrypt \| Wrap \| Unwrap	Cannot wrap	128	128	N/A	256	16	0	AES	AES	ECB	Extractable
CKM_AES_ECB_ENCRYPT_DATA	Yes	Derive	None	128	128	N/A	256	0	0	AES	None	None	None
CKM_AES_GCM	Yes	Encrypt \| Decrypt \| Wrap \| Unwrap	None	128	128	N/A	256	16	0	AES	AES	GCM	Extractable \| Accumulating
CKM_AES_GMAC	Yes	Sign \| Verify	None	128	128	N/A	256	16	0	AES	AES	GCM	Extractable \| Accumulating
CKM_AES_KEY_GEN	Yes	Generate Key	None	128	128	N/A	256	0	0	AES	None	None	None
CKM_AES_KW	Yes	Encrypt \| Decrypt \| Wrap \| Unwrap	None	128	128	N/A	256	8	0	AES	AES	KEYWRAP	Extractable \| Accumulating
CKM_AES_KWP	Yes	Encrypt \| Decrypt \| Wrap \| Unwrap	None	128	128	N/A	256	8	0	AES	AES	KEYWRAP_PAD	Extractable \| Accumulating
CKM_AES_OFB	Yes	Encrypt \| Decrypt	None	128	128	N/A	256	16	0	AES	AES	OFB	Extractable
CKM_AES_XTS	Yes	Encrypt \| Decrypt	None	128	128	N/A	256	16	0	AES	AES	XTS	Extractable
CKM_DSA	Yes	Sign \| Verify	None	1024	2048	1024	3072	0	0	DSA	DSA	None	None
CKM_DSA_KEY_PAIR_GEN	Yes	Generate Key Pair	None	1024	2048	1024	3072	0	0	DSA	None	None	None
CKM_DSA_PARAMETER_GEN	Yes	Generate Key	None	1024	2048	1024	3072	0	0	DSA	None	None	None
CKM_DSA_SHA1	Yes	Sign \| Verify	Cannot sign	1024	2048	1024	3072	64	20	DSA	SHA	None	Extractable
CKM_DSA_SHA224	Yes	Sign \| Verify	None	1024	2048	1024	3072	64	28	DSA	SHA224	None	Extractable
CKM_DSA_SHA256	Yes	Sign \| Verify	None	1024	2048	1024	3072	64	32	DSA	SHA256	None	Extractable
CKM_EC_KEY_PAIR_GEN	Yes	Generate Key Pair	None	105	224	160	571	0	0	ECDSA	None	None	None
CKM_EC_KEY_PAIR_GEN_W_EXTRA_BITS	Yes	Generate Key Pair	None	105	224	160	571	0	0	ECDSA	None	None	Extra bits
CKM_EC_MONTGOMERY_KEY_PAIR_GEN	Yes	Generate Key Pair	None	256	256	N/A	256	0	0	EC_MONT	None	None	None
CKM_ECDH1_COFACTOR_DERIVE	Yes	Derive	None	105	224	160	571	0	0	ECDSA \| BIP32	None	None	None
CKM_ECDH1_DERIVE	Yes	Derive	None	105	224	160	571	0	0	ECDSA \| EC_MONT \| BIP32	None	None	None
CKM_ECDSA	Yes	Sign \| Verify	None	105	224	160	571	0	0	ECDSA \| BIP32	ECDSA	None	None
CKM_ECDSA_SHA1	Yes	Sign \| Verify	Cannot sign	105	224	160	571	64	20	ECDSA \| BIP32	SHA	None	Extractable
CKM_ECDSA_SHA224	Yes	Sign \| Verify	None	105	224	160	571	64	28	ECDSA \| BIP32	SHA224	None	Extractable
CKM_ECDSA_SHA256	Yes	Sign \| Verify	None	105	224	160	571	64	32	ECDSA \| BIP32	SHA256	None	Extractable
CKM_ECDSA_SHA384	Yes	Sign \| Verify	None	105	224	160	571	128	48	ECDSA \| BIP32	SHA384	None	Extractable
CKM_ECDSA_SHA512	Yes	Sign \| Verify	None	105	224	160	571	128	(	ECDSA \| BIP32	SHA512	None	Extractable
CKM_ECIES	Yes	Encrypt \| Decrypt	None	105	224	160	571	0	0	ECDSA \| EC_MONT \| BIP32	None	None	Accumulating
CKM_GENERIC_SECRET_KEY_GEN	Yes	Generate Key	None	8	112	N/A	4096	0	0	None	None	None	None
CKM_HMAC_SHA3_224	Yes	Sign \| Verify	None	8	112	80	4096	144	28	Symmetric	SHA3_224	HMAC	Extractable
CKM_HMAC_SHA3_256	Yes	Sign \| Verify	None	8	112	80	4096	136	32	Symmetric	SHA3_256	HMAC	Extractable
CKM_HMAC_SHA3_384	Yes	Sign \| Verify	None	8	112	80	4096	104	48	Symmetric	SHA3_384	HMAC	Extractable
CKM_HMAC_SHA3_512	Yes	Sign \| Verify	None	8	112	80	4096	72	64	Symmetric	SHA3_512	HMAC	Extractable
CKM_NIST_PRF_KDF	Yes	Derive	None	8	112	N/A	4096	0	0	Symmetric	None	None	None
CKM_RSA_FIPS_186_3_AUX_PRIME_KEY_PAIR_GEN	Yes	Generate Key Pair	None	1024	2048	1024	4096	0	0	RSA	None	None	None
CKM_RSA_FIPS_186_3_PRIME_KEY_PAIR_GEN	Yes	Generate Key Pair	None	2048	2048	N/A	4096	0	0	RSA	None	None	None
CKM_RSA_PKCS	Yes	Sign \| Verify \| Encrypt \| Decrypt \| Wrap \| Unwrap	Cannot wrap \| Cannot legacy decrypt \| Cannot legacy unwrap \| Cannot encrypt	256	2048	1024	8192	0	0	RSA	None	None	None
CKM_RSA_PKCS_OAEP	Yes	Encrypt \| Decrypt \| Wrap \| Unwrap	None \| Cannot legacy decrypt \| Cannot legacy unwrap	256	2048	1024	8192	0	0	RSA	None	None	None
CKM_RSA_PKCS_PSS	Yes	Sign \| Verify	None	256	2048	1024	8192	0	0	RSA	None	None	None \| PSS
CKM_RSA_X9_31	Yes	Sign \| Verify	None	1024	2048	1024	8192	0	0	RSA	None	None	Extractable \| X9.31
CKM_SHA_1	Yes	Digest	Cannot sign	0	0	N/A	0	64	20	None	SHA	None	Extractable
CKM_SHA_1_HMAC	Yes	Sign \| Verify	Cannot sign	8	112	80	4096	64	20	Symmetric	SHA	HMAC	Extractable
CKM_SHA_1_HMAC_GENERAL	Yes	Sign \| Verify	Cannot sign	8	112	80	4096	64	20	Symmetric	SHA	HMAC	Extractable
CKM_SHA1_RSA_PKCS	Yes	Sign \| Verify	Cannot sign	256	2048	1024	8192	64	20	RSA	SHA	None	Extractable
CKM_SHA1_RSA_PKCS_PSS	Yes	Sign \| Verify	Cannot sign	256	2048	1024	8192	64	20	RSA	SHA	None	Extractable \| PSS
CKM_SHA1_RSA_X9_31	Yes	Sign \| Verify	Cannot sign	1024	2048	1024	8192	64	20	RSA	SHA	None	Extractable \| X9.31
CKM_SHA3_224	Yes	Digest	None	0	0	N/A	0	144	28	None	SHA3_224	None	Extractable
CKM_SHA3_224_DSA	Yes	Sign \| Verify	None	1024	2048	1024	3072	144	28	DSA	SHA3_224	None	Extractable
CKM_SHA3_224_ECDSA	Yes	Sign \| Verify	None	105	224	160	571	144	28	ECDSA \| BIP32	SHA3_224	None	Extractable
CKM_SHA3_224_RSA_PKCS	Yes	Sign \| Verify	None	256	2048	1024	8192	144	28	RSA	SHA3_224	None	Extractable
CKM_SHA3_224_RSA_PKCS_PSS	Yes	Sign \| Verify	None	512	2048	1024	8192	144	28	RSA	SHA3_224	None	Extractable \| PSS
CKM_SHA3_256	Yes	Digest	None	0	0	N/A	0	136	32	None	SHA3_256	None	Extractable
CKM_SHA3_256_DSA	Yes	Sign \| Verify	None	1024	2048	1024	3072	136	32	DSA	SHA3_256	None	Extractable
CKM_SHA3_256_ECDSA	Yes	Sign \| Verify	None	105	224	160	571	136	32	ECDSA \| BIP32	SHA3_256	None	Extractable
CKM_SHA3_256_RSA_PKCS	Yes	Sign \| Verify	None	256	2048	1024	8192	136	32	RSA	SHA3_256	None	Extractable
CKM_SHA3_256_RSA_PKCS_PSS	Yes	Sign \| Verify	None	512	2048	1024	8192	136	32	RSA	SHA3_256	None	Extractable \| PSS
CKM_SHA3_384	Yes	Digest	None	0	0	N/A	0	104	48	None	SHA3_384	None	Extractable
CKM_SHA3_384_DSA	Yes	Sign \| Verify	None	1024	2048	1024	3072	104	48	DSA	SHA3_384	None	Extractable
CKM_SHA3_384_ECDSA	Yes	Sign \| Verify	None	105	224	160	571	104	48	ECDSA \| BIP32	SHA3_384	None	Extractable
CKM_SHA3_384_RSA_PKCS	Yes	Sign \| Verify	None	256	2048	1024	8192	104	48	RSA	SHA3_384	None	Extractable
CKM_SHA3_384_RSA_PKCS_PSS	Yes	Sign \| Verify	None	512	2048	1024	8192	104	48	RSA	SHA3_384	None	Extractable \| PSS
CKM_SHA3_512	Yes	Digest	None	0	0	N/A	0	72	64	None	SHA3_512	None	Extractable
CKM_SHA3_512_DSA	Yes	Sign \| Verify	None	1024	2048	1024	3072	72	64	DSA	SHA3_512	None	Extractable
CKM_SHA3_512_ECDSA	Yes	Sign \| Verify	None	105	224	160	571	72	64	ECDSA \| BIP32	SHA3_512	None	Extractable
CKM_SHA3_512_RSA_PKCS	Yes	Sign \| Verify	None	256	2048	1024	8192	72	64	RSA	SHA3_512	None	Extractable
CKM_SHA3_512_RSA_PKCS_PSS	Yes	Sign \| Verify	None	1024	2048	1024	8192	72	64	RSA	SHA3_512	None	Extractable \| PSS
CKM_SHA224	Yes	Digest	None	0	0	N/A	0	64	28	None	SHA224	None	Extractable
CKM_SHA224_HMAC	Yes	Sign \| Verify	None	8	112	80	4096	64	28	Symmetric	SHA224	HMAC	Extractable
CKM_SHA224_HMAC_GENERAL	Yes	Sign \| Verify	None	8	112	80	4096	64	28	Symmetric	SHA224	HMAC	Extractable
CKM_SHA224_RSA_PKCS	Yes	Sign \| Verify	None	256	2048	1024	8192	64	28	RSA	SHA224	None	Extractable
CKM_SHA224_RSA_PKCS_PSS	Yes	Sign \| Verify	None	512	2048	1024	8192	64	28	RSA	SHA224	None	Extractable \| PSS
CKM_SHA224_RSA_X9_31	Yes	Sign \| Verify	None	1024	2048	1024	8192	64	28	RSA	SHA224	None	Extractable \| X9.31
CKM_SHA256	Yes	Digest	None	0	0	N/A	0	64	32	None	SHA256	None	Extractable
CKM_SHA256_HMAC	Yes	Sign \| Verify	None	8	112	80	4096	64	32	Symmetric	SHA256	HMAC	Extractable
CKM_SHA256_HMAC_GENERAL	Yes	Sign \| Verify	None	8	112	80	4096	64	32	Symmetric	SHA256	HMAC	Extractable
CKM_SHA256_RSA_PKCS	Yes	Sign \| Verify	None	256	2048	1024	8192	64	32	RSA	SHA256	None	Extractable
CKM_SHA256_RSA_PKCS_PSS	Yes	Sign \| Verify	None	512	2048	1024	8192	64	32	RSA	SHA256	None	Extractable \| PSS
CKM_SHA256_RSA_X9_31	Yes	Sign \| Verify	None	1024	2048	1024	8192	64	32	RSA	SHA256	None	Extractable \| X9.31
CKM_SHA384	Yes	Digest	None	0	0	N/A	0	128	48	None	SHA384	None	Extractable
CKM_SHA384_HMAC	Yes	Sign \| Verify	None	8	112	80	4096	128	48	Symmetric	SHA384	HMAC	Extractable
CKM_SHA384_HMAC_GENERAL	Yes	Sign \| Verify	None	8	112	80	4096	128	48	Symmetric	SHA384	HMAC	Extractable
CKM_SHA384_RSA_PKCS	Yes	Sign \| Verify	None	256	2048	1024	8192	128	48	RSA	SHA384	None	Extractable
CKM_SHA384_RSA_PKCS_PSS	Yes	Sign \| Verify	None	512	2048	1024	8192	128	48	RSA	SHA384	None	Extractable \| PSS
CKM_SHA384_RSA_X9_31	Yes	Sign \| Verify	None	1024	2048	1024	8192	128	48	RSA	SHA384	None	Extractable \| X9.31
CKM_SHA512	Yes	Digest	None	0	0	N/A	0	128	(	None	SHA512	None	Extractable
CKM_SHA512_HMAC	Yes	Sign \| Verify	None	8	112	80	4096	128	(	Symmetric	SHA512	HMAC	Extractable
CKM_SHA512_HMAC_GENERAL	Yes	Sign \| Verify	None	8	112	80	4096	128	(	Symmetric	SHA512	HMAC	Extractable
CKM_SHA512_RSA_PKCS	Yes	Sign \| Verify	None	256	2048	1024	8192	128	(	RSA	SHA512	None	Extractable
CKM_SHA512_RSA_PKCS_PSS	Yes	Sign \| Verify	None	1024	2048	1024	8192	128	(	RSA	SHA512	None	Extractable \| PSS
CKM_SHA512_RSA_X9_31	Yes	Sign \| Verify	None	1024	2048	1024	8192	128	(	RSA	SHA512	None	Extractable \| X9.31
CKM_SHAKE_128	Yes	Digest	None	0	0	N/A	0	168	0	None	SHAKE_128	None	Extractable
CKM_SHAKE_256	Yes	Digest	None	0	0	N/A	0	136	0	None	SHAKE_256	None	Extractable
CKM_X9_42_DH_DERIVE	Yes	Derive	None	1024	2048	N/A	4096	0	0	X9_42_DH	None	None	None
CKM_X9_42_DH_HYBRID_DERIVE	Yes	Derive	None	1024	2048	N/A	4096	0	0	X9_42_DH	None	None	None
CKM_X9_42_DH_KEY_PAIR_GEN	Yes	Generate Key Pair	None	1024	2048	N/A	4096	0	0	X9_42_DH	None	None	None



	SUPPORT	LEGAL
Luna Cloud HSM Documentation © Copyright 2001-2024, Thales Group Last Updated: 2024-03-21 11:07:25 GMT-04:00	Customer Release Notes Customer Support Portal Support Contacts	End User License Agreement Document Information