Cryptography
Keychain supports many different encryption schemes and ciphers, providing users fine-grained control over the algorithms underpinning their Keychain-secured application.
Symmetric Ciphers
The table below shows the ciphers used to encrypt messages. Keychain employs symmetric message keys which are then asymmetrically encrypted for each intended recipient.
Scheme Name | Description | Block/key Lengths | Standardization |
---|---|---|---|
AES-GCM | AES block cipher in GCM mode | 128, 192, 256 | ISO/IEC 18033-3 |
Camelia-GCM | Camellia block cipher in GCM mode | 128, 192, 256 | ISO/IEC 18033-3 |
Asymmetric Encryption
The table below shows the schemes that can be used for asymmetric encryption within Keychain.
Scheme Name | Description | Block/key Lengths | Standardization |
---|---|---|---|
ECIES-ECP | Elliptic curve integrated encryption scheme with operations over prime integer fields | 160, 224, 256, 384, 521 | ANSI X9.63, IEEE 1363a, ISO/IEC 18033-2, SECG SEC-1 |
RSA-OAEP-SHA | RSA encryption scheme using OAEP padding with SHA hashing | 1024, 2048, 3072, 4096 | ANSI X9.44, IEEE P1363, ISO 18033-2 |
DLIES | Discrete logarithm integrated encryption scheme over a field of integers | 1024, 2048, 3072, 4096 | ANSI X9.63, IEEE 1363a, ISO/IEC 18033-2 |
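The message-key arrangement described under Symmetric Ciphers (one symmetric key per message, asymmetrically encrypted for each recipient) can be sketched as follows. This is an added example, not Keychain's own code, API or message format; it assumes Node.js's built-in crypto module, picks AES-256-GCM and RSA-OAEP with SHA-256 from the tables above, and the names `seal`, `unseal` and `demo` are hypothetical.

```javascript
// Added illustration of hybrid (envelope) encryption; not Keychain's API or wire format.
const { randomBytes, createCipheriv, createDecipheriv, generateKeyPairSync,
        publicEncrypt, privateDecrypt, constants } = require('node:crypto');

const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Encrypt once under a fresh AES-256-GCM message key, then wrap that key per recipient.
function seal(plaintext, recipients) {           // recipients: { name: publicKey }
  const messageKey = randomBytes(32);
  const iv = randomBytes(12);                    // 96-bit nonce; the key is never reused
  const cipher = createCipheriv('aes-256-gcm', messageKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const wrappedKeys = {};
  for (const [name, publicKey] of Object.entries(recipients)) {
    wrappedKeys[name] = publicEncrypt({ key: publicKey, ...OAEP }, messageKey);
  }
  return { iv, ciphertext, tag: cipher.getAuthTag(), wrappedKeys };
}

// Unwrap this recipient's copy of the message key, then decrypt and verify the GCM tag.
function unseal(envelope, name, privateKey) {
  const wrapped = envelope.wrappedKeys[name];
  if (!wrapped) throw new Error(`no wrapped key for ${name}`);
  const messageKey = privateDecrypt({ key: privateKey, ...OAEP }, wrapped);
  const decipher = createDecipheriv('aes-256-gcm', messageKey, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  return Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]); // throws on tamper
}

// Constructed demo: two recipients with throwaway RSA-2048 key pairs.
function demo() {
  const alice = generateKeyPairSync('rsa', { modulusLength: 2048 });
  const bob = generateKeyPairSync('rsa', { modulusLength: 2048 });
  const env = seal(Buffer.from('constructed sample message'),
                   { alice: alice.publicKey, bob: bob.publicKey });
  const forAlice = unseal(env, 'alice', alice.privateKey).toString();
  const forBob = unseal(env, 'bob', bob.privateKey).toString();
  // Flip one ciphertext bit: GCM authentication must reject the message.
  const tampered = { ...env, ciphertext: Buffer.from(env.ciphertext) };
  tampered.ciphertext[0] ^= 1;
  let tamperRejected = false;
  try { unseal(tampered, 'alice', alice.privateKey); } catch { tamperRejected = true; }
  // Bob's private key must not unwrap Alice's copy of the message key.
  let crossRejected = false;
  try { privateDecrypt({ key: bob.privateKey, ...OAEP }, env.wrappedKeys.alice); }
  catch { crossRejected = true; }
  return { forAlice, forBob, tamperRejected, crossRejected, wrappedLen: env.wrappedKeys.bob.length };
}
console.log(demo());
```

The ciphertext is stored once regardless of recipient count; each extra recipient costs only one wrapped key, 256 bytes with RSA-2048.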
Digital Signatures
The table below shows the schemes that can be used for signatures within Keychain.
Scheme Name | Description | Block/key Lengths | Standardization |
---|---|---|---|
ECDSA-ECP | Elliptic curve digital signature scheme with operations over prime integer fields and SHA-256 hashing | 112, 128, 160, 192, 224, 256, 384, 521 | FIPS-186 |
ECGDSA-ECP | Elliptic curve German digital signature scheme with operations over prime integer fields and SHA-256 hashing | 112, 128, 160, 192, 224, 256, 384, 521 | FIPS-186 |
DSA | Digital signature scheme | 1024, 2048, 3072 | FIPS-186-3 |
RSA-SS | RSA signature scheme with appendix using SHA-256 | 1024, 2048, 3072, 4096 | |