This list highlights some of the components of Entrust products and the standards with which these products comply.

    Symmetric Encryption Algorithms

    • U.S. Data Encryption Standard (DES) in accordance with U.S. FIPS PUB 46-2 and ANSI X3.92
    • U.S. Advanced Encryption Standard (AES) in accordance with U.S. FIPS PUB 197 (256-bit keys supported) and NIST SP 800-38D section 8.22
    • CAST block cipher in accordance with RFC 2144 (64-bit, 80-bit, and 128-bit variations are supported)
    • Triple-DES in accordance with ANSI X9.52 (3-key variant for an effective key size of 168-bits is supported)
    • RC2® in accordance with RFC 2268 (40-bit and 128-bit variations are supported);
    • IDEA as listed in the ISO/IEC 9979 Register of Cryptographic Algorithms (128-bit supported)

    Note: DES, CAST, Triple-DES, RC2 and IDEA encryption all use CBC mode of operation in accordance with U.S. FIPS PUB 81, ANSI X3.106 and ISO/IEC 10116

    Digital Signature Algorithms

    • RSA in accordance with Public Key Cryptographic Standards (PKCS) specification PKCS#1 Version 2.1(PKCS1-v1.5 and PKCS-v2 OAEP encryption schemes, RSASSA-PKCS1-v1.5 and RSASSA-PSS signature schemes with EMSA-PKCS1-v1.5 and EMSA-PSS encoding, and I2OSP,OS2IP, RSASP1 and RSAVP primitives), ANSI X9.31, IEEE 1363, ISO/IEC 14888-3 and U.S. FIPS PUB 186-3 (1024-bit, 2048-bit, 3072-bit) and support for 4096-bit and 6144-bit keys.
    • DSA in accordance with the Digital Signature Standard, U.S. FIPS PUB 186-2, ANSI X9.30 Part 1, IEEE P1363 and ISO/IEC 14888-3 (1024-bit supported)
    • ECDSA in accordance with ANSI X9.62, IEEE P1363, ISO/IEC 14888-3 and U.S. FIPS PUB 186-3 (192-bit default)

    One-Way Hash Functions

    • SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512 in accordance to U.S. FIPS PUB 180-2 and ANSI X9.30 Part 2
    • MD5 Message-Digest algorithm in accordance with RFC 1321
    • MD2 Message-Digest algorithm in accordance with RFC 1319
    • RIPEMD-160 in accordance with ISO/IEC 10118-3:1998

    Key Exchange Algorithms

    • RSA key transfer in accordance with RFC 1421 and RFC 1423 (PEM), PKCS#1 Version 2.0, IEEE P1363
    • Elliptic Curve Diffie-Hellman (ECDH) in accordance with NIST SP 800-56A and ANSI X9.63
    • Diffie-Hellman key agreement in accordance with PKCS#3
    • Simple Public-Key GSS-API Mechanism (SPKM) authentication and key agreement in accordance with RFC 2025, ISO/IEC 9798-3 and U.S. FIPS PUB 196
    • SSL v3 and TLS v1 in accordance with RFC 2246

    Symmetric Integrity Techniques

    • MAC in accordance with U.S. FIPS PUB 113 (for DES-MAC) and X9.19
    • CMAC in accordance with NIST SP 800-38B
    • HMAC in accordance with RFC 2104

    Psuedo Random Number Generator

    • Psuedo random number generator in accordance with ANSI X9.17 (Appendix C) and FIPS 186-3
    • DRBG using SHA512 in accordance with NIST SP 800-90 and FIPS 186-3

    Certificate and Certificate Revocation Lists (CRLs)

    • Version 3 public-key certificates and Version 2 CRLs in accordance with ITU-T X.509 Recommendation and ISO/IEC 9594-8 (4th edition, 2000 as well as earlier editions)
    • Version 3 public-key certificate and Version 2 CRL extensions in accordance with RFC 2459 and RFC 3280
    • Version 3 public-key certificate and Version 2 CRL extensions in accordance with U.S. FPKI X.509 Certificate and CRL Extensions Profile
    • Version 3 public-key certificate and Version 2 CRL extensions in accordance with NIST X.509 Certificate and CRL Extensions Profile for the Common Policy
    • Version 3 “Qualified” certificates in accordance with RFC 3039 and ETSI TS 101 862
    • Version 3 public-key certificates and Version 2 CRLs in accordance with de-facto standards for Web browsers and servers
    • WTLS Certificate support in accordance with WAP WTLS Version 1.1. (Entrust.net certificate issuance)
    • RSA algorithm identifiers and public key formats in accordance with RFC 1422 and 1423 (PEM) and PKCS#1

    File Envelope Formats

    • Standard file envelope format based on Internet RFC 1421 (PEM)
    • PKCS#7 Version 1.5 based on RFC 2315 and Cryptographic Message Syntax (CMS) based on RFC 3369 and 3370
    • S/MIME Version 2 based on RFC 2311

    Secure Session Formats

    • On-line GSS-API public key implementation mechanism using SPKM in accordance with Internet RFC 2025 and SPKM entity authentication in accordance with FIPS 196
    • SSL v3 and TLS v1 in accordance with RFC 2246

    Repositories

    • LDAP Version 2 in accordance with RFC 1777 and RFC 2559
    • LDAP Version 3 in accordance with RFC 2251-2256

    Private Key Storage

    • Private key storage in accordance with PKCS#5 and PKCS#8

    Certificate Management

    • Secure Exchange Protocol (SEP), built using Generic Upper Layers Security (GULS) standards ITU-T Recs. X.830, X.831, X.832 and ISO/IEC 11586-1, 11586-2, 11586-3 (SEP continues to be supported for backward compatibility only)
    • PKIX-CMP in accordance with RFC 2510 and PKIX-CRMF in accordance with RFC 2511
    • PKCS 7/10 (for Web based clients and VPN solutions)
    • Cisco Certificate Enrollment Protocol (CEP) (for VPN solutions)

    Application Programming Interfaces (APIs)

    • Hardware cryptographic interface in accordance with PKCS#11
    • Generic Security Services API (GSS-API) in accordance with RFC 1508 and 1509
    • IDUP-GSS-API in accordance with Internet Draft draft-ietf-cat-idup-gss-08.txt