| Name | Value | yubihsm-shell name | EC Curve | Usage |
|---|---|---|---|---|
RSA PKCS1 SHA1 |
1 |
rsa-pkcs1-sha1 |
RSA sign with PKCS1.5 |
|
RSA PKCS1 SHA256 |
2 |
rsa-pkcs1-sha256 |
RSA sign with PKCS1.5 |
|
RSA PKCS1 SHA384 |
3 |
rsa-pkcs1-sha384 |
RSA sign with PKCS1.5 |
|
RSA PKCS1 SHA512 |
4 |
rsa-pkcs1-sha512 |
RSA sign with PKCS1.5 |
|
RSA PSS SHA1 |
5 |
rsa-pss-sha1 |
RSA sign with PSS |
|
RSA PSS SHA256 |
6 |
rsa-pss-sha256 |
RSA sign with PSS |
|
RSA PSS SHA384 |
7 |
rsa-pss-sha384 |
RSA sign with PSS |
|
RSA PSS SHA512 |
8 |
rsa-pss-sha512 |
RSA sign with PSS |
|
RSA 2048 |
9 |
rsa2048 |
Generate RSA key |
|
RSA 3072 |
10 |
rsa3072 |
Generate RSA key |
|
RSA 4096 |
11 |
rsa4096 |
Generate RSA key |
|
EC P224 |
47 |
ecp224 |
secp224r1 |
Generate EC key |
EC P256 |
12 |
ecp256 |
secp256r1 |
Generate EC key |
EC P384 |
13 |
ecp384 |
secp384r1 |
Generate EC key |
EC P521 |
14 |
ecp521 |
secp521r1 |
Generate EC key |
EC K256 |
15 |
eck256 |
secp256k1 |
Generate EC key |
EC BP256 |
16 |
ecbp256 |
brainpool256r1 |
Generate EC key |
EC BP384 |
17 |
ecbp384 |
brainpool384r1 |
Generate EC key |
EC BP512 |
18 |
ecbp512 |
brainpool512r1 |
Generate EC key |
HMAC SHA1 |
19 |
hmac-sha1 |
Generate HMAC key |
|
HMAC SHA256 |
20 |
hmac-sha256 |
Generate HMAC key |
|
HMAC SHA384 |
21 |
hmac-sha384 |
Generate HMAC key |
|
HMAC SHA512 |
22 |
hmac-sha512 |
Generate HMAC key |
|
ECDSA SHA1 |
23 |
ecdsa-sha1 |
ECDSA sign |
|
EC ECDH |
24 |
ecdh |
||
RSA PKCS1.5 Decrypt |
48 |
rsa-pkcs1-decrypt |
RSA Decrypt with PKCS1.5 |
|
RSA OAEP SHA1 |
25 |
rsa-oaep-sha1 |
RSA decrypt with OAEP |
|
RSA OAEP SHA256 |
26 |
rsa-oaep-sha256 |
RSA decrypt with OAEP |
|
RSA OAEP SHA384 |
27 |
rsa-oaep-sha384 |
RSA decrypt with OAEP |
|
RSA OAEP SHA512 |
28 |
rsa-oaep-sha512 |
RSA decrypt with OAEP |
|
Opaque Data |
30 |
opaque-data |
Store raw data as an opaque object |
|
Opaque X509 Certificate |
31 |
opaque-x509-certificate |
Store X509Certificate as an opaque object |
|
MGF1 SHA1 |
32 |
mgf1-sha1 |
RSA sign with PSS and RSA decrypt with OAEP |
|
MGF1 SHA256 |
33 |
mgf1-sha256 |
RSA sign with PSS and RSA decrypt with OAEP |
|
MGF1 SHA384 |
34 |
mgf1-sha384 |
RSA sign with PSS and RSA decrypt with OAEP |
|
MGF1 SHA512 |
35 |
mgf1-sha512 |
RSA sign with PSS and RSA decrypt with OAEP |
|
SSH Template |
36 |
template-ssh |
Store an SSH template (a binary object used to restrict how and when an SSH CA private key should be used) |
|
Yubico OTP AES128 |
37 |
aes128-yubico-otp |
Generate OTP AEAD key |
|
Yubico AES Authentication |
38 |
aes128-yubico-authentication |
Store authentication key |
|
Yubico EC P256 Authentication |
49 |
ecp256-yubico-authentication |
Store asymmetric authentication key (Available with firmware version 2.3.1 or later) |
|
Yubico OTP AES192 |
39 |
aes192-yubico-otp |
Generate OTP AEAD key |
|
Yubico OTP AES256 |
40 |
aes256-yubico-otp |
Generate OTP AEAD key |
|
AES128 CCM WRAP |
29 |
aes128-ccm-wrap |
Generate Wrap key |
|
AES192 CCM WRAP |
41 |
aes192-ccm-wrap |
Generate and store wrap key |
|
AES256 CCM WRAP |
42 |
aes256-ccm-wrap |
Generate and store wrap key |
|
ECDSA SHA256 |
43 |
ecdsa-sha256 |
ECDSA sign |
|
ECDSA SHA384 |
44 |
ecdsa-sha384 |
ECDSA sign |
|
ECDSA SHA512 |
45 |
ecdsa-sha512 |
ECDSA sign |
|
ED25519 |
46 |
ed25519 |
Generate ED key |
|
AES128 |
50 |
aes128 |
Generate AES key (Available with firmware version 2.3.1 or later) |
|
AES192 |
51 |
aes192 |
Generate AES key (Available with firmware version 2.3.1 or later) |
|
AES256 |
52 |
aes256 |
Generate AES key (Available with firmware version 2.3.1 or later) |
|
AES ECB |
53 |
aes-ecb |
AES-ECB encryption/decryption (Available with firmware version 2.3.1 or later) |
|
AES CBC |
54 |
aes-cbc |
AES-CBC encryption/decryption (Available with firmware version 2.3.1 or later) |