Name | Use | Mandatory | Change from 4210 |
---|---|---|---|
MSG_SIG_ALG | protection of PKI messages using signature | RSA | DSA/SHA1 Others: RSA/MD5, ECDSA |
MSG_MAC_ALG | protection of PKI messages using MACing | PasswordBasedMac (RECOMMENDED: PBMAC1) |
PasswordBasedMac Others: HMAC, X9.9 |
SYM_PENC_ALG | symmetric encryption of an end entity's private key where symmetric key is distributed out-of-band | AES-wrap | 3-DES(3-key-EDE), CBC Mode Others: AES, RC5, CAST-128 |
PROT_ENC_ALG | asymmetric algorithm used for encryption of (symmetric keys for encryption of) private keys transported in PKIMessages | D-H | D-H Others: RSA, ECDH |
PROT_SYM_ALG | symmetric encryption algorithm used for encryption of private key bits (a key of this type is encrypted using PROT_ENC_ALG) | AES-CBC | 3-DES(3-key-EDE), CBC Mode Others: AES, RC5, CAST-128 |
Name | Use | Examples |
---|---|---|
MSG_SIG_ALG | protection of PKI messages using signature and for SignedData, e.g., a private key transported in PKIMessages | RSA, ECDSA, EdDSA |
MSG_MAC_ALG | protection of PKI messages using MACing | PasswordBasedMac (see Section 9), PBMAC1 |
KM_KA_ALG | asymmetric key agreement algorithm used for agreement of a symmetric key for use with KM_KW_ALG | D-H, ECDH |
KM_KT_ALG | asymmetric key encryption algorithm used for transport of a symmetric key for PROT_SYM_ALG | RSA |
KM_KD_ALG | symmetric key derivation algorithm used for derivation of a symmetric key for use with KM_KW_ALG | PBKDF2 |
KM_KW_ALG | algorithm to wrap a symmetric key for PROT_SYM_ALG | AES-wrap |
PROT_SYM_ALG | symmetric content encryption algorithm used for encryption of EnvelopedData, e.g., a private key transported in PKIMessages | AES-CBC |