P11NGCryptoToken Algorithm Support
This Crypto Token relies on support for the algorithm in the PKCS#11 standard, the used PKCS#11 driver from the HSM vendor and the supported algorithms in the HSM. A complete list of supported algorithms can thus not be compiled here and the following lists algorithms that are tested and known to work with an HSM supporting it. Also, see the specific SignServer Signer for algorithms that signers can work with and review signerspecific algorithm support pages.
Note that the JackNJI11CryptoToken has been renamed P11NGCryptoToken as of SignServer 6.0.
Signature Algorithms
Algorithm Name  Also Known As  Comment  

SHA1withRSA  RSASSAPKCS_v1.5 using SHA1  
SHA224withRSA  RSASSAPKCS_v1.5 using SHA224  
SHA256withRSA  RSASSAPKCS_v1.5 using SHA256  
SHA384withRSA  RSASSAPKCS_v1.5 using SHA384  
SHA512withRSA  RSASSAPKCS_v1.5 using SHA512  
NONEwithRSA  RSASSAPKCS_v1.5  Depending on the Signer. Generally only supported by Plain Signer.  
SHA1withRSAandMGF1  RSASSAPSS using SHA1  
SHA224withRSAandMGF1  RSASSAPSS using SHA224  
SHA256withRSAandMGF1  RSASSAPSS using SHA256  
SHA384withRSAandMGF1  RSASSAPSS using SHA384  
SHA512withRSAandMGF1  RSASSAPSS using SHA512  
NONEwithRSAandMGF1  RSASSAPSS  Depending on the Signer. Generally only supported by Plain Signer.  
SHA1withECDSA  ECDSA using SHA1  
SHA224withECDSA  ECDSA using SHA224  
SHA256withECDSA  ECDSA using SHA256  
SHA384withECDSA  ECDSA using SHA384  
SHA512withECDSA  ECDSA using SHA512  
NONEwithECDSA  ECDSA  Depending on the signer. Generally only supported by Plain Signer.  
Ed25519  Pure EdDSA with Edwards25519  Depending on the Signer.  
Ed25519ph  Hash EdDSA with Edwards25519  Not yet implemented.  
Ed25519ctx  Context EdDSA with Edwards25519  Not yet implemented.  
Ed448  Pure EdDSA with Edwards448  Depending on the Signer.  
Ed448ph  Hash EdDSA with Edwards448  Not yet implemented.  
LMS  Experimental. Do not use it in production.  
Dilithium2  Experimental. Do not use it in production.  
Dilithium3  Experimental. Do not use it in production.  
Dilithium5  Experimental. Do not use it in production. 
Key Algorithms
Algorithm Name  Key Specification  Comment  

RSA  Just key length:
Key length and public exponent (some examples):
 Other key lengths are likely also working. For RSA it is possible to use a different exponent by suffixing the number with an "exp" followed by the exponent in decimal or prefixed with "0x" for hexadecimal. (see Crypto Token Generate Key Page) The default value for the exponent is 65537.  
ECDSA  Named curves:
 More named curves are likely working.  
ECDSA  Explicit parameters  A signer can be configured using the EXPLICTECC parameter (see Other Properties) to encode the EC parameters explicitly in the request. This goes for the supported named curves and a named curve is still needed when generating the keypair. Certificates with explicit parameters can be stored in the token.  
EdDSA  Ed25519  
AES  128 256  
Dilithium  Dilithium2 Dilithium3 Dilithium5  Experimental. Do not use it in production.  
LMS  LMS_SHA256_N32_H5  Experimental. Do not use it in production. 
Related Content

Page:

Page:

Page:

Page:

Page:

Page:

Page:

Page:

Page:

Page: