Supported Algorithms
Supported Algorithms
GlaSSLess provides over 380 cryptographic algorithm implementations backed by OpenSSL.
Summary
| Category | Count |
|---|---|
| AlgorithmParameterGenerator | 2 |
| AlgorithmParameters | 23 |
| Cipher | 146 |
| KDF | 14 |
| KEM | 6 |
| KeyAgreement | 5 |
| KeyFactory | 12 |
| KeyGenerator | 11 |
| KeyPairGenerator | 33 |
| Mac | 20 |
| MessageDigest | 18 |
| SecretKeyFactory | 35 |
| SecureRandom | 3 |
| Signature | 56 |
Message Digests (18)
| Algorithm | FIPS Approved |
|---|---|
| SHA-224, SHA-256, SHA-384, SHA-512 | Yes |
| SHA-512/224, SHA-512/256 | Yes |
| SHA3-224, SHA3-256, SHA3-384, SHA3-512 | Yes |
| SHAKE128, SHAKE256 | Yes |
| BLAKE2b-512, BLAKE2s-256 | No |
| MD5, SHA-1 | No |
| SM3, RIPEMD160 | No |
Ciphers (143)
Symmetric Ciphers
| Algorithm | Key Sizes | Modes | FIPS Approved |
|---|---|---|---|
| AES | 128, 192, 256 | ECB, CBC, CFB, CTR, OFB, GCM, CCM, XTS | Yes |
| AES-GCM-SIV | 128, 192, 256 | GCM-SIV (AEAD, nonce-misuse resistant) | No |
| AES Key Wrap | 128, 192, 256 | KW, KWP | Yes |
| Camellia | 128, 192, 256 | ECB, CBC, CFB, CTR, OFB | No |
| ARIA | 128, 192, 256 | ECB, CBC, CFB, CTR, OFB, GCM | No |
| SM4 | 128 | ECB, CBC, CFB, CTR, OFB | No |
| ChaCha20 | 256 | Stream | No |
| ChaCha20-Poly1305 | 256 | AEAD | No |
| DESede (3DES) | 168 | ECB, CBC | No |
Asymmetric Ciphers
| Algorithm | Key Sizes | Padding | FIPS Approved |
|---|---|---|---|
| RSA | 1024-8192 | NoPadding, PKCS1, OAEP (SHA-1, SHA-256) | Yes |
Password-Based Encryption (PBE)
| Algorithm | FIPS Approved |
|---|---|
|
PBEWithHmacSHA256AndAES128, PBEWithHmacSHA256AndAES256 |
Yes |
|
PBEWithHmacSHA384AndAES128, PBEWithHmacSHA384AndAES256 |
Yes |
|
PBEWithHmacSHA512AndAES128, PBEWithHmacSHA512AndAES256 |
Yes |
|
PBEWithHmacSHA224AndAES128, PBEWithHmacSHA224AndAES256 |
Yes |
|
PBEWithHmacSHA1AndAES128, PBEWithHmacSHA1AndAES256 |
No |
MACs (20)
| Algorithm | FIPS Approved |
|---|---|
| HmacSHA224, HmacSHA256, HmacSHA384, HmacSHA512 | Yes |
| HmacSHA3-224, HmacSHA3-256, HmacSHA3-384, HmacSHA3-512 | Yes |
| AESCMAC, AESGMAC | Yes |
| KMAC128, KMAC256 | Yes |
| HmacPBESHA224, HmacPBESHA256, HmacPBESHA384, HmacPBESHA512 | Yes |
| HmacSHA1, HmacPBESHA1 | No |
| Poly1305, SipHash | No |
Signatures (48)
Classical Signatures (40)
| Algorithm | FIPS Approved |
|---|---|
| SHA256withRSA, SHA384withRSA, SHA512withRSA | Yes |
| SHA224withRSA | Yes |
| SHA512/224withRSA, SHA512/256withRSA | Yes |
| SHA256withRSAandMGF1, SHA384withRSAandMGF1, SHA512withRSAandMGF1 (RSA-PSS) | Yes |
| SHA224withRSAandMGF1, SHA512/224withRSAandMGF1, SHA512/256withRSAandMGF1 | Yes |
| SHA256withECDSA, SHA384withECDSA, SHA512withECDSA | Yes |
| SHA224withECDSA | Yes |
| SHA3-224withECDSA, SHA3-256withECDSA, SHA3-384withECDSA, SHA3-512withECDSA | Yes |
| SHA224withDetECDSA, SHA256withDetECDSA, SHA384withDetECDSA, SHA512withDetECDSA (RFC 6979) | Yes (FIPS 186-5) |
| SHA3-256withDetECDSA, SHA3-384withDetECDSA, SHA3-512withDetECDSA (RFC 6979) | Yes (FIPS 186-5) |
| SHA256withDSA, SHA384withDSA, SHA512withDSA | Yes |
| SHA224withDSA | Yes |
| Ed25519, Ed448, EdDSA | Yes |
| SHA1withRSA, SHA1withRSAandMGF1 | No |
| SHA1withECDSA, SHA1withDSA | No |
Post-Quantum Signatures (16)
Requires OpenSSL 3.5+ (LMS requires OpenSSL 3.6+).
| Algorithm | Security Level | FIPS Approved |
|---|---|---|
| ML-DSA, ML-DSA-44 | 128-bit | Yes (FIPS 204) |
| ML-DSA-65 | 192-bit | Yes (FIPS 204) |
| ML-DSA-87 | 256-bit | Yes (FIPS 204) |
| LMS (verification only) | Configurable | Yes (SP 800-208) |
| SLH-DSA, SLH-DSA-SHA2-128s, SLH-DSA-SHA2-128f | 128-bit | Yes (FIPS 205) |
| SLH-DSA-SHA2-192s, SLH-DSA-SHA2-192f | 192-bit | Yes (FIPS 205) |
| SLH-DSA-SHA2-256s, SLH-DSA-SHA2-256f | 256-bit | Yes (FIPS 205) |
| SLH-DSA-SHAKE-128s, SLH-DSA-SHAKE-128f | 128-bit | Yes (FIPS 205) |
| SLH-DSA-SHAKE-192s, SLH-DSA-SHAKE-192f | 192-bit | Yes (FIPS 205) |
| SLH-DSA-SHAKE-256s, SLH-DSA-SHAKE-256f | 256-bit | Yes (FIPS 205) |
Key Encapsulation Mechanisms (6)
Requires OpenSSL 3.5+.
| Algorithm | Security Level | FIPS Approved |
|---|---|---|
| ML-KEM (generic) | Configurable | Yes (FIPS 203) |
| ML-KEM-512 | 128-bit | Yes (FIPS 203) |
| ML-KEM-768 | 192-bit | Yes (FIPS 203) |
| ML-KEM-1024 | 256-bit | Yes (FIPS 203) |
| X25519MLKEM768 | Hybrid | Yes |
| X448MLKEM1024 | Hybrid | Yes |
|
NOTE
|
Hybrid KEMs combine classical key exchange (X25519/X448) with ML-KEM for defense against both classical and quantum attacks. See Post-Quantum Cryptography for details. |
Key Agreement (5)
| Algorithm | FIPS Approved |
|---|---|
| ECDH, DH | Yes |
| X25519, X448, XDH | Yes |
Key Derivation Functions (14)
| Algorithm | FIPS Approved |
|---|---|
| HKDF-SHA256, HKDF-SHA384, HKDF-SHA512 | Yes |
| HKDF-SHA224, HKDF-SHA1 | Yes (SHA1 deprecated) |
| TLS1-PRF-SHA256, TLS1-PRF-SHA384 | Yes |
| TLS13-KDF-SHA256, TLS13-KDF-SHA384 | Yes |
| SSHKDF-SHA256 | Yes |
| KBKDF-HMAC-SHA256 | Yes |
| X963KDF-SHA256, X963KDF-SHA384, X963KDF-SHA512 | Yes |
KeyPairGenerator (33)
| Algorithm | FIPS Approved |
|---|---|
| RSA | Yes |
| EC | Yes |
| DSA | Yes |
| DH | Yes |
| Ed25519, Ed448, EdDSA | Yes |
| X25519, X448, XDH | Yes |
| ML-KEM, ML-KEM-512, ML-KEM-768, ML-KEM-1024 | Yes (FIPS 203) |
| X25519MLKEM768, X448MLKEM1024 | Yes |
| ML-DSA, ML-DSA-44, ML-DSA-65, ML-DSA-87 | Yes (FIPS 204) |
| SLH-DSA | Yes (FIPS 205) |
| SLH-DSA-SHA2-128s, SLH-DSA-SHA2-128f | Yes (FIPS 205) |
| SLH-DSA-SHA2-192s, SLH-DSA-SHA2-192f | Yes (FIPS 205) |
| SLH-DSA-SHA2-256s, SLH-DSA-SHA2-256f | Yes (FIPS 205) |
| SLH-DSA-SHAKE-128s, SLH-DSA-SHAKE-128f | Yes (FIPS 205) |
| SLH-DSA-SHAKE-192s, SLH-DSA-SHAKE-192f | Yes (FIPS 205) |
| SLH-DSA-SHAKE-256s, SLH-DSA-SHAKE-256f | Yes (FIPS 205) |
KeyFactory (12)
| Algorithm | FIPS Approved |
|---|---|
| RSA | Yes |
| EC | Yes |
| DSA | Yes |
| DH | Yes |
| EdDSA | Yes |
| XDH | Yes |
| ML-KEM | Yes (FIPS 203) |
| ML-DSA | Yes (FIPS 204) |
| SLH-DSA | Yes (FIPS 205) |
| LMS | Yes (SP 800-208, OpenSSL 3.6+) |
| X25519MLKEM768, X448MLKEM1024 | Yes |
KeyGenerator (11)
| Algorithm | FIPS Approved |
|---|---|
| AES | Yes |
| DESede | No |
| HmacSHA224, HmacSHA256, HmacSHA384, HmacSHA512 | Yes |
| HmacSHA3-224, HmacSHA3-256, HmacSHA3-384, HmacSHA3-512 | Yes |
| HmacSHA1 | No |
SecretKeyFactory (35)
| Algorithm | FIPS Approved |
|---|---|
| AES, DESede | Yes (AES), No (DESede) |
| PBE | Yes |
| PBKDF2WithHmacSHA256, PBKDF2WithHmacSHA384, PBKDF2WithHmacSHA512 | Yes |
| PBKDF2WithHmacSHA224 | Yes |
| PBKDF2WithHmacSHA256And8BIT, PBKDF2WithHmacSHA384And8BIT, PBKDF2WithHmacSHA512And8BIT | Yes |
| PBKDF2WithHmacSHA224And8BIT | Yes |
| PBKDF2WithHmacSHA3-224, PBKDF2WithHmacSHA3-256, PBKDF2WithHmacSHA3-384, PBKDF2WithHmacSHA3-512 | Yes |
|
PBEWithHmacSHA256AndAES128, PBEWithHmacSHA256AndAES256 |
Yes |
|
PBEWithHmacSHA384AndAES128, PBEWithHmacSHA384AndAES256 |
Yes |
|
PBEWithHmacSHA512AndAES128, PBEWithHmacSHA512AndAES256 |
Yes |
|
PBEWithHmacSHA512/224AndAES128, PBEWithHmacSHA512/224AndAES256 |
Yes |
|
PBEWithHmacSHA512/256AndAES128, PBEWithHmacSHA512/256AndAES256 |
Yes |
|
PBEWithHmacSHA224AndAES128, PBEWithHmacSHA224AndAES256 |
Yes |
| PBKDF2WithHmacSHA1, PBKDF2WithHmacSHA1And8BIT | No |
|
PBEWithHmacSHA1AndAES128, PBEWithHmacSHA1AndAES256 |
No |
| SCRYPT | No |
| Argon2i, Argon2d, Argon2id | No |
AlgorithmParameters (23)
| Algorithm | FIPS Approved |
|---|---|
| AES, GCM | Yes |
| EC, DH, DSA | Yes |
| RSASSA-PSS, OAEP | Yes |
| PBES2 | Yes |
|
PBEWithHmacSHA256AndAES128, PBEWithHmacSHA256AndAES256 |
Yes |
|
PBEWithHmacSHA384AndAES128, PBEWithHmacSHA384AndAES256 |
Yes |
|
PBEWithHmacSHA512AndAES128, PBEWithHmacSHA512AndAES256 |
Yes |
|
PBEWithHmacSHA512/224AndAES128, PBEWithHmacSHA512/224AndAES256 |
Yes |
|
PBEWithHmacSHA512/256AndAES128, PBEWithHmacSHA512/256AndAES256 |
Yes |
|
PBEWithHmacSHA224AndAES128, PBEWithHmacSHA224AndAES256 |
Yes |
| DESede | No |
|
PBEWithHmacSHA1AndAES128, PBEWithHmacSHA1AndAES256 |
No |
AlgorithmParameterGenerator (2)
| Algorithm | FIPS Approved |
|---|---|
| DH | Yes |
| DSA | Yes |
Secure Random (3)
| Algorithm | FIPS Approved |
|---|---|
| NativePRNG, DRBG | Yes |
| SHA1PRNG | No |
FIPS Mode
When OpenSSL is configured with FIPS mode enabled, GlaSSLess automatically detects this and excludes non-FIPS-approved algorithms from registration.
Supported FIPS Standards
| Standard | Description | Algorithms |
|---|---|---|
| FIPS 140-3 | Cryptographic Module Validation | OpenSSL FIPS provider |
| FIPS 180-4 | Secure Hash Standard | SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256 |
| FIPS 186-5 | Digital Signature Standard | DSA, ECDSA, Deterministic ECDSA (RFC 6979), EdDSA (Ed25519, Ed448) |
| SP 800-208 | LMS Hash-Based Signatures | LMS/HSS (verification only, OpenSSL 3.6+) |
| FIPS 197 | Advanced Encryption Standard | AES-128, AES-192, AES-256 |
| FIPS 198-1 | HMAC | HMAC-SHA-1, HMAC-SHA-224, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512 |
| FIPS 202 | SHA-3 Standard | SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128, SHAKE256 |
| FIPS 203 | ML-KEM | ML-KEM-512, ML-KEM-768, ML-KEM-1024 (OpenSSL 3.5+) |
| FIPS 204 | ML-DSA | ML-DSA-44, ML-DSA-65, ML-DSA-87 (OpenSSL 3.5+) |
| FIPS 205 | SLH-DSA |
SLH-DSA-SHA2-, SLH-DSA-SHAKE- (OpenSSL 3.5+) |
|
NOTE
|
FIPS 203, 204, and 205 are the post-quantum cryptography standards. Support requires OpenSSL 3.5+ compiled with the FIPS provider that includes these algorithms. |