Sorry about the red box, but we really need you to update your browser. Read this excellent article if you're wondering why we are no longer supporting this browser version. Go to Browse Happy for browser suggestions and how to update.

Supported algorithms and codes

This page describes RIM Cryptographic API support for cryptographic algorithms and cryptographic codes.

Symmetric block algorithms that the RIM Cryptographic API supports

Symmetric block algorithms use PKCS #5 for padding. The RIM Cryptographic API supports the CBC, CFB, ECB, OFB, and X modes for all algorithms. The RIM Cryptographic API implements the modes separately from the symmetric block algorithms.

Algorithm

Key length (bits)

AES

128, 192, and 256

CAST5

128

DES

56

RC2

8 to 1024

RC5®

0 to 2040

Skipjack

80

Triple DES

112 and 168

Stream encryption algorithms that the RIM Cryptographic API supports

The RIM Cryptographic API supports the ARC4 algorithm, with an unlimited key length, as the symmetric stream encryption algorithm.

The RIM Cryptographic API supports the ECIES algorithm, with an unlimited key length (160 bits to 571 bits for seeding), as the asymmetric stream encryption algorithm.

Asymmetric encryption algorithms that the RIM Cryptographic API supports

Algorithm

Key length (bits)

Type

ElGamal

512 to 4096

discrete logarithm

RSA raw

512 to 4096

integer factorization

RSA with OAEP formatting

512 to 4096

integer factorization

RSA with PKCS #1 formatting (versions 1.5 and 2.0)

512 to 4096

integer factorization

Signature scheme algorithms that the RIM Cryptographic API supports

If the signature scheme algorithm that a developer wants to use is the RSA algorithm using ANSI X9.31, ANSI X9.31 uses one of the following algorithms for the required message digest code: SHA-1, SHA-2, or RIPEMD-160.

Algorithm

Key length (bits)

Type

DSA

512 to 1024

discrete logarithm

ECDSA

160 to 571

(Elliptic Curve) discrete logarithm

ECNR

160 to 571

(Elliptic Curve) discrete logarithm

RSA using ANSI X9.31

512 to 4096

integer factorization

RSA using PKCS #1 (versions 1.5 and 2.0)

512 to 4096

integer factorization

RSA using PSS

512 to 4096

integer factorization

Key agreement scheme algorithms that the RIM Cryptographic API supports

Algorithm

Key length (bits)

Type

Diffie-Hellman

512 to 4096

discrete logarithm

ECDH

160 to 571

(Elliptic Curve) discrete logarithm

ECMQV

160 to 571

(Elliptic Curve) discrete logarithm

KEA

1024

discrete logarithm

Key generation algorithms that the RIM Cryptographic API supports

Algorithm

Key length (bits)

Type

Diffie-Hellman

512 to 4096

discrete logarithm

DSA

512 to 1024

discrete logarithm

Elliptic Curve

160 to 571

(Elliptic Curve) discrete logarithm

RSA

512 to 2048

integer factorization

Message authentication codes that the RIM Cryptographic API supports

Code

Key length (bits)

CBC-MAC

variable (block cipher key length)

HMAC

variable

Message digest codes that the RIM Cryptographic API supports

Code

Digest length (bits)

MD2

128

MD4

128

MD5

128

RIPEMD

128, 160

SHA

160, 224, 256, 384, 512

TLS and WTLS protocols that the RIM Cryptographic API supports

The RIM Cryptographic API supports the cipher suite components for the TLS protocol and WTLS protocol that apply only to direct mode SSL/TLS and WTLS.

Cipher suites for the key establishment algorithm that the RIM Cryptographic API supports

Direct mode SSL

Direct mode TLS

WTLS

DH_anon

DH_anon

RSA _768, DH_anon, DH_anon_512, DH_anon_768

DH_anon_EXPORT

DH_anon_EXPORT

RSA_anon_512

DHE_DSS

DHE_DSS

RSA_512

DHE_DSS_EXPORT

DHE_DSS_EXPORT

RSA_anon_768

RSA

RSA

RSA

RSA_EXPORT

RSA_EXPORT

RSA_anon

Symmetric algorithms that the RIM Cryptographic API supports

Direct mode SSL

Direct mode TLS

WTLS

DES

ARC4-128

RC5® -64

DES-40

RC5-56

ARC4-128

DES

RC5-128

ARC4-128

Triple DES

DES-40

ARC4-128

AES-128

DES

ARC4-128

AES-256

Triple DES

ARC4-40

ARC4-40

RC5-40

Triple DES

DES-40

RC5

Hash algorithms that the RIM Cryptographic API supports

Direct mode SSL

Direct mode TLS

WTLS

MD5

MD5

SHA

SHA-1

SHA-1

SHA-40, SHA-80, MD5, MD5-40, MD5-80

Limitations of RIM Cryptographic API support for cipher suites for the key establishment algorithm

The RIM Cryptographic API implementation of the TLS protocol and WTLS protocol supports the use of the RSA public key algorithm, DSA public key algorithm, and Diffie-Hellman key exchange algorithm, with the following limitations.

Cipher suite type

Typical component limitation

export

RSA and Diffie-Hellman: 1024 bytes or less

non-export

non elliptic curve operations: 4096 bytes

Limitations to non-export cipher suite types are due to the computational constraints of a BlackBerry smartphone.