Supported Algorithms
This page answers the most commom questions about scope of algorithms and technologies supported by SecureBlackbox, all in one place.
Please note that higher-level technologies often use their own variations of algorithms, which may see a particular algorithm not being supported with that particular technology. For example, TLS does not define ciphersuites to be used with TWOFISH, so while this algorithm is supported by SecureBlackbox is general, it won't be available in TLS components.
Symmetric cryptography
Here is a comprehensive list of symmetric algorithms supported by SecureBlackbox.
- AES (Rijndael): 128, 192, and 256 bit
- Blowfish: 128 to 448 bit
- Camellia: 128, 192, and 256 bit
- CAST5: 128 bit
- ChaCha20: 256 bit
- DES: 56 bit
- 3DES-EDE: 168 bit
- IDEA: 128 bit
- RC2: 128 bit
- RC4: 64-128 bit (stream cipher)
- Serpent: 128, 192, and 256 bit
- Twofish: 128, 192, and 256 bit
The following symmetric cipher modes are supported: ECB, CBC, CTR, CFB8, GCM, CCM (AEAD).
Public key cryptography
The following public key (asymmetric) cryptographic algorithms are supported:
- RSA (PKCS#1, OAEP, and PSS variants)
- ECDSA (see the list of supported curves below)
- EdDSA (curve 448, curve 25519)
- Elgamal
- DSA
- Diffie-Hellman
Supported Elliptic Curves:
- SEC2 recommended curves over a prime field (SECP112R1, SECP112R2, SECP128R1, SECP128R2, SECP160K1, SECP160R1, SECP160R2, SECP192K1, SECP192R1, SECP224K1, SECP224R1, SECP256K1, SECP256R1, SECP384R1, SECP521R1)
- SEC2 recommended curves over extended binary field (SECT113R1, SECT113R2, SECT131R1, SECT131R2, SECT163K1, SECT163R1, SECT163R2, SECT193R1, SECT193R2, SECT233K1, SECT233R1, SECT239K1, SECT283K1, SECT283R1, SECT409K1, SECT409R1, SECT571K1, SECT571R1)
- X9.62 recommended curves over a prime field (PRIME192V1, PRIME192V2, PRIME192V3, PRIME239V1, PRIME239V2, PRIME239V3, PRIME256V1)
- X9.62 recommended curves over an extended binary field (C2PNB163V1, C2PNB163V2, C2PNB163V3, C2PNB176W1, C2TNB191V1, C2TNB191V2, C2TNB191V3, C2ONB191V4, C2ONB191V5, C2PNB208W1, C2TNB239V1, C2TNB239V2, C2TNB239V3, C2ONB239V4, C2ONB239V5, C2PNB272W1, C2PNB304W1, C2TNB359V1, C2PNB368W1, C2TNB431R1)
- NIST recommended curves over a prime field (P192, P224, P256, P384, P521)
- NIST recommended curves over an extended binary field (B163, B233, B283, B409, B571)
- NIST recommended Koblitz curves (K163, K233, K283, K409, K571)
- Brainpool curves (P160R1, P160T1, P192R1, P192T1, P224R1, P224T1, P256R1, P256T1, P320R1, P320T1, P384R1, P384T1, P512R1, P512T1)
- Edwards curves (curve 25519, curve 448)
Hash algorithms
The following hash algorithms are supported.
- SHA256
- SHA384
- SHA512
- SHA224
- SHA3-256
- SHA3-384
- SHA3-512
- SHA3-224
- RIPEMD160
- Whirlpool
- Poly1305
- Argon2
- Blake2
- SHAKE
- SHA1
- MD5
- MD4
- MD2
- CRC32 (*)
- HMAC (SHA1, SHA2, SHA3, RIPEMD160-based)
- UMAC
(*) CRC is not exactly a hash algorithm, but we include it in this category for being close enough to it.
TLS ciphersuites
Below follows a comprehensive list of ciphersuites supported by SecureBlackbox. Note that not all of the ciphersuites are enabled by default, and, when enabled, some have higher priorities than the others.- NULL_NULL_NULL
- RSA_NULL_MD5
- RSA_NULL_SHA
- RSA_RC4_MD5
- RSA_RC4_SHA
- RSA_RC2_MD5
- RSA_IDEA_MD5
- RSA_IDEA_SHA
- RSA_DES_MD5
- RSA_DES_SHA
- RSA_3DES_MD5
- RSA_3DES_SHA
- RSA_AES128_SHA
- RSA_AES256_SHA
- DH_DSS_DES_SHA
- DH_DSS_3DES_SHA
- DH_DSS_AES128_SHA
- DH_DSS_AES256_SHA
- DH_RSA_DES_SHA
- DH_RSA_3DES_SHA
- DH_RSA_AES128_SHA
- DH_RSA_AES256_SHA
- DHE_DSS_DES_SHA
- DHE_DSS_3DES_SHA
- DHE_DSS_AES128_SHA
- DHE_DSS_AES256_SHA
- DHE_RSA_DES_SHA
- DHE_RSA_3DES_SHA
- DHE_RSA_AES128_SHA
- DHE_RSA_AES256_SHA
- DH_ANON_RC4_MD5
- DH_ANON_DES_SHA
- DH_ANON_3DES_SHA
- DH_ANON_AES128_SHA
- DH_ANON_AES256_SHA
- RSA_RC2_MD5_EXPORT
- RSA_RC4_MD5_EXPORT
- RSA_DES_SHA_EXPORT
- DH_DSS_DES_SHA_EXPORT
- DH_RSA_DES_SHA_EXPORT
- DHE_DSS_DES_SHA_EXPORT
- DHE_RSA_DES_SHA_EXPORT
- DH_ANON_RC4_MD5_EXPORT
- DH_ANON_DES_SHA_EXPORT
- RSA_CAMELLIA128_SHA
- DH_DSS_CAMELLIA128_SHA
- DH_RSA_CAMELLIA128_SHA
- DHE_DSS_CAMELLIA128_SHA
- DHE_RSA_CAMELLIA128_SHA
- DH_ANON_CAMELLIA128_SHA
- RSA_CAMELLIA256_SHA
- DH_DSS_CAMELLIA256_SHA
- DH_RSA_CAMELLIA256_SHA
- DHE_DSS_CAMELLIA256_SHA
- DHE_RSA_CAMELLIA256_SHA
- DH_ANON_CAMELLIA256_SHA
- PSK_RC4_SHA
- PSK_3DES_SHA
- PSK_AES128_SHA
- PSK_AES256_SHA
- DHE_PSK_RC4_SHA
- DHE_PSK_3DES_SHA
- DHE_PSK_AES128_SHA
- DHE_PSK_AES256_SHA
- RSA_PSK_RC4_SHA
- RSA_PSK_3DES_SHA
- RSA_PSK_AES128_SHA
- RSA_PSK_AES256_SHA
- RSA_SEED_SHA
- DH_DSS_SEED_SHA
- DH_RSA_SEED_SHA
- DHE_DSS_SEED_SHA
- DHE_RSA_SEED_SHA
- DH_ANON_SEED_SHA
- SRP_SHA_3DES_SHA
- SRP_SHA_RSA_3DES_SHA
- SRP_SHA_DSS_3DES_SHA
- SRP_SHA_AES128_SHA
- SRP_SHA_RSA_AES128_SHA
- SRP_SHA_DSS_AES128_SHA
- SRP_SHA_AES256_SHA
- SRP_SHA_RSA_AES256_SHA
- SRP_SHA_DSS_AES256_SHA
- ECDH_ECDSA_NULL_SHA
- ECDH_ECDSA_RC4_SHA
- ECDH_ECDSA_3DES_SHA
- ECDH_ECDSA_AES128_SHA
- ECDH_ECDSA_AES256_SHA
- ECDHE_ECDSA_NULL_SHA
- ECDHE_ECDSA_RC4_SHA
- ECDHE_ECDSA_3DES_SHA
- ECDHE_ECDSA_AES128_SHA
- ECDHE_ECDSA_AES256_SHA
- ECDH_RSA_NULL_SHA
- ECDH_RSA_RC4_SHA
- ECDH_RSA_3DES_SHA
- ECDH_RSA_AES128_SHA
- ECDH_RSA_AES256_SHA
- ECDHE_RSA_NULL_SHA
- ECDHE_RSA_RC4_SHA
- ECDHE_RSA_3DES_SHA
- ECDHE_RSA_AES128_SHA
- ECDHE_RSA_AES256_SHA
- ECDH_ANON_NULL_SHA
- ECDH_ANON_RC4_SHA
- ECDH_ANON_3DES_SHA
- ECDH_ANON_AES128_SHA
- ECDH_ANON_AES256_SHA
- RSA_NULL_SHA256
- RSA_AES128_SHA256
- RSA_AES256_SHA256
- DH_DSS_AES128_SHA256
- DH_RSA_AES128_SHA256
- DHE_DSS_AES128_SHA256
- DHE_RSA_AES128_SHA256
- DH_DSS_AES256_SHA256
- DH_RSA_AES256_SHA256
- DHE_DSS_AES256_SHA256
- DHE_RSA_AES256_SHA256
- DH_ANON_AES128_SHA256
- DH_ANON_AES256_SHA256
- RSA_AES128_GCM_SHA256
- RSA_AES256_GCM_SHA384
- DHE_RSA_AES128_GCM_SHA256
- DHE_RSA_AES256_GCM_SHA384
- DH_RSA_AES128_GCM_SHA256
- DH_RSA_AES256_GCM_SHA384
- DHE_DSS_AES128_GCM_SHA256
- DHE_DSS_AES256_GCM_SHA384
- DH_DSS_AES128_GCM_SHA256
- DH_DSS_AES256_GCM_SHA384
- DH_ANON_AES128_GCM_SHA256
- DH_ANON_AES256_GCM_SHA384
- ECDHE_ECDSA_AES128_SHA256
- ECDHE_ECDSA_AES256_SHA384
- ECDH_ECDSA_AES128_SHA256
- ECDH_ECDSA_AES256_SHA384
- ECDHE_RSA_AES128_SHA256
- ECDHE_RSA_AES256_SHA384
- ECDH_RSA_AES128_SHA256
- ECDH_RSA_AES256_SHA384
- ECDHE_ECDSA_AES128_GCM_SHA256
- ECDHE_ECDSA_AES256_GCM_SHA384
- ECDH_ECDSA_AES128_GCM_SHA256
- ECDH_ECDSA_AES256_GCM_SHA384
- ECDHE_RSA_AES128_GCM_SHA256
- ECDHE_RSA_AES256_GCM_SHA384
- ECDH_RSA_AES128_GCM_SHA256
- ECDH_RSA_AES256_GCM_SHA384
- PSK_AES128_GCM_SHA256
- PSK_AES256_GCM_SHA384
- DHE_PSK_AES128_GCM_SHA256
- DHE_PSK_AES256_GCM_SHA384
- RSA_PSK_AES128_GCM_SHA256
- RSA_PSK_AES256_GCM_SHA384
- PSK_AES128_SHA256
- PSK_AES256_SHA384
- PSK_NULL_SHA256
- PSK_NULL_SHA384
- DHE_PSK_AES128_SHA256
- DHE_PSK_AES256_SHA384
- DHE_PSK_NULL_SHA256
- DHE_PSK_NULL_SHA384
- RSA_PSK_AES128_SHA256
- RSA_PSK_AES256_SHA384
- RSA_PSK_NULL_SHA256
- RSA_PSK_NULL_SHA384
- RSA_CAMELLIA128_SHA256
- DH_DSS_CAMELLIA128_SHA256
- DH_RSA_CAMELLIA128_SHA256
- DHE_DSS_CAMELLIA128_SHA256
- DHE_RSA_CAMELLIA128_SHA256
- DH_ANON_CAMELLIA128_SHA256
- RSA_CAMELLIA256_SHA256
- DH_DSS_CAMELLIA256_SHA256
- DH_RSA_CAMELLIA256_SHA256
- DHE_DSS_CAMELLIA256_SHA256
- DHE_RSA_CAMELLIA256_SHA256
- DH_ANON_CAMELLIA256_SHA256
- ECDHE_ECDSA_CAMELLIA128_SHA256
- ECDHE_ECDSA_CAMELLIA256_SHA384
- ECDH_ECDSA_CAMELLIA128_SHA256
- ECDH_ECDSA_CAMELLIA256_SHA384
- ECDHE_RSA_CAMELLIA128_SHA256
- ECDHE_RSA_CAMELLIA256_SHA384
- ECDH_RSA_CAMELLIA128_SHA256
- ECDH_RSA_CAMELLIA256_SHA384
- RSA_CAMELLIA128_GCM_SHA256
- RSA_CAMELLIA256_GCM_SHA384
- DHE_RSA_CAMELLIA128_GCM_SHA256
- DHE_RSA_CAMELLIA256_GCM_SHA384
- DH_RSA_CAMELLIA128_GCM_SHA256
- DH_RSA_CAMELLIA256_GCM_SHA384
- DHE_DSS_CAMELLIA128_GCM_SHA256
- DHE_DSS_CAMELLIA256_GCM_SHA384
- DH_DSS_CAMELLIA128_GCM_SHA256
- DH_DSS_CAMELLIA256_GCM_SHA384
- DH_ANON_CAMELLIA128_GCM_SHA256
- DH_ANON_CAMELLIA256_GCM_SHA384
- ECDHE_ECDSA_CAMELLIA128_GCM_SHA256
- ECDHE_ECDSA_CAMELLIA256_GCM_SHA384
- ECDH_ECDSA_CAMELLIA128_GCM_SHA256
- ECDH_ECDSA_CAMELLIA256_GCM_SHA384
- ECDHE_RSA_CAMELLIA128_GCM_SHA256
- ECDHE_RSA_CAMELLIA256_GCM_SHA384
- ECDH_RSA_CAMELLIA128_GCM_SHA256
- ECDH_RSA_CAMELLIA256_GCM_SHA384
- PSK_CAMELLIA128_GCM_SHA256
- PSK_CAMELLIA256_GCM_SHA384
- DHE_PSK_CAMELLIA128_GCM_SHA256
- DHE_PSK_CAMELLIA256_GCM_SHA384
- RSA_PSK_CAMELLIA128_GCM_SHA256
- RSA_PSK_CAMELLIA256_GCM_SHA384
- PSK_CAMELLIA128_SHA256
- PSK_CAMELLIA256_SHA384
- DHE_PSK_CAMELLIA128_SHA256
- DHE_PSK_CAMELLIA256_SHA384
- RSA_PSK_CAMELLIA128_SHA256
- RSA_PSK_CAMELLIA256_SHA384
- ECDHE_PSK_CAMELLIA128_SHA256
- ECDHE_PSK_CAMELLIA256_SHA384
- ECDHE_PSK_RC4_SHA
- ECDHE_PSK_3DES_SHA
- ECDHE_PSK_AES128_SHA
- ECDHE_PSK_AES256_SHA
- ECDHE_PSK_AES128_SHA256
- ECDHE_PSK_AES256_SHA384
- ECDHE_PSK_NULL_SHA
- ECDHE_PSK_NULL_SHA256
- ECDHE_PSK_NULL_SHA384
- ECDHE_RSA_CHACHA20_POLY1305_SHA256
- ECDHE_ECDSA_CHACHA20_POLY1305_SHA256
- DHE_RSA_CHACHA20_POLY1305_SHA256
- PSK_CHACHA20_POLY1305_SHA256
- ECDHE_PSK_CHACHA20_POLY1305_SHA256
- DHE_PSK_CHACHA20_POLY1305_SHA256
- RSA_PSK_CHACHA20_POLY1305_SHA256
- AES128_GCM_SHA256
- AES256_GCM_SHA384
- CHACHA20_POLY1305_SHA256
- AES128_CCM_SHA256
- AES128_CCM8_SHA256
SSH algorithms
The following SSH algorithms are supported. All ciphers are given in the notation used in the SSH specification.
- Symmetric key algorithms: aes128-gcm, aes256-gcm, aes128-gcm@openssh.com, aes256-gcm@openssh.com, chacha20-poly1305, chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, 3des-ctr, blowfish-ctr, twofish128-ctr, twofish192-ctr, twofish256-ctr, serpent128-ctr, serpent192-ctr, serpent256-ctr, idea-ctr, cast128-ctr, arcfour128, arcfour256, 3des-cbc, blowfish-cbc, twofish256-cbc, twofish192-cbc, twofish128-cbc, aes256-cbc, aes192-cbc, aes128-cbc, serpent256-cbc, serpent192-cbc, serpent128-cbc, arcfour, idea-cbc, cast128-cbc, des-cbc, none.
- Public key algorithms: ssh-dss, ssh-rsa, x509v3-sign-rsa, x509v3-sign-dss, ssh-ed25519, ssh-ed448 ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ecdsa-sha2-nistk163, ecdsa-sha2-nistp192, ecdsa-sha2-nistp224, ecdsa-sha2-nistk233, ecdsa-sha2-nistb233, ecdsa-sha2-nistk283, ecdsa-sha2-nistk409, ecdsa-sha2-nistb409, ecdsa-sha2-nistt571, ecdsa-sha2-curve25519, x509v3-ssh-rsa, x509v3-ssh-dss, x509v3-rsa2048-sha256, x509v3-ecdsa-sha2-nistp256, x509v3-ecdsa-sha2-nistp384, x509v3-ecdsa-sha2-nistp521, x509v3-ecdsa-sha2-nistk163, x509v3-ecdsa-sha2-nistp192, x509v3-ecdsa-sha2-nistp224, x509v3-ecdsa-sha2-nistk233, x509v3-ecdsa-sha2-nistb233, x509v3-ecdsa-sha2-nistk283, x509v3-ecdsa-sha2-nistk409, x509v3-ecdsa-sha2-nistb409, x509v3-ecdsa-sha2-nistt571, x509v3-ecdsa-sha2-curve25519, ssh-ed25519, ssh-ed448, rsa-sha2-256, rsa-sha2-512,
- Key exchange algorithms: diffie-hellman-group-exchange-sha1, diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha256, rsa1024-sha1, rsa2048-sha256, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, ecdh-sha2-nistk163, ecdh-sha2-nistp192, ecdh-sha2-nistp224, ecdh-sha2-nistk233, ecdh-sha2-nistb233, ecdh-sha2-nistk283, ecdh-sha2-nistk409, ecdh-sha2-nistb409, ecdh-sha2-nistt571, ecdh-sha2-curve25519, curve25519-sha256@libssh.org, curve448-sha512@libssh.org gss-gex-sha1-*, gss-group1-sha1-*, gss-group14-sha1-*, diffie-hellman-group14-sha256, diffie-hellman-group15-sha512, diffie-hellman-group16-sha512, diffie-hellman-group17-sha512, diffie-hellman-group18-sha512,
- Hash (MAC) algorithms: hmac-sha1, hmac-sha1-96, hmac-md5, hmac-md5-96, hmac-ripemd160, hmac-ripemd, hmac-ripemd160@openssh.com, hmac-sha256@ssh.com, hmac-sha256-96@ssh.com, umac-32@openssh.com, umac-64@openssh.com, umac-96@openssh.com, umac-128@openssh.com, hmac-sha2-256, hmac-sha2-512, aes128-gcm, aes256-gcm, chacha20-poly1305@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, none