SoftHSM exposes its supported mechanism list through C_GetMechanismList and C_GetMechanismInfo. The list is assembled at startup from prepareSupportedMechanisms() and can be further filtered by the slots.mechanisms configuration option.
Mechanisms that depend on optional compile-time features (ECC, EdDSA, GOST, ML-DSA) are only present when SoftHSM was built with the corresponding flag. FIPS mode disables MD5 and single-DES throughout.

RSA

| Mechanism | Description |
| --- | --- |
| CKM_RSA_PKCS_KEY_PAIR_GEN | Generate an RSA key pair. Supported key sizes: 512 – 16384 bits (in practice, use 2048 or larger). |

| Mechanism | Description |
| --- | --- |
| CKM_RSA_PKCS | RSA encryption/decryption with PKCS#1 v1.5 padding. Also used for raw sign/verify. |
| CKM_RSA_X_509 | Raw RSA (no padding). The caller is responsible for applying padding before calling C_Encrypt. |
| CKM_RSA_PKCS_OAEP | RSA OAEP encryption/decryption. Requires a CK_RSA_PKCS_OAEP_PARAMS parameter specifying the hash and MGF algorithm. |

| Mechanism | Description |
| --- | --- |
| CKM_SHA1_RSA_PKCS | SHA-1 hash then RSA-PKCS#1 v1.5 signature. |
| CKM_SHA224_RSA_PKCS | SHA-224 hash then RSA-PKCS#1 v1.5 signature. |
| CKM_SHA256_RSA_PKCS | SHA-256 hash then RSA-PKCS#1 v1.5 signature. |
| CKM_SHA384_RSA_PKCS | SHA-384 hash then RSA-PKCS#1 v1.5 signature. |
| CKM_SHA512_RSA_PKCS | SHA-512 hash then RSA-PKCS#1 v1.5 signature. |
| CKM_MD5_RSA_PKCS | MD5 hash then RSA-PKCS#1 v1.5 signature. Disabled in FIPS mode. |
| CKM_RSA_PKCS_PSS | RSA-PSS raw sign/verify (caller pre-hashes). Enabled when built with WITH_RAW_PSS. |
| CKM_SHA1_RSA_PKCS_PSS | SHA-1 hash then RSA-PSS signature. |
| CKM_SHA224_RSA_PKCS_PSS | SHA-224 hash then RSA-PSS signature. |
| CKM_SHA256_RSA_PKCS_PSS | SHA-256 hash then RSA-PSS signature. |
| CKM_SHA384_RSA_PKCS_PSS | SHA-384 hash then RSA-PSS signature. |
| CKM_SHA512_RSA_PKCS_PSS | SHA-512 hash then RSA-PSS signature. |

| Mechanism | Description |
| --- | --- |
| CKM_RSA_AES_KEY_WRAP | Wrap an AES key under an RSA public key using RSA-OAEP + AES-KeyWrap (RFC 5649). Added in SoftHSM 2.7.0. Requires CK_RSA_AES_KEY_WRAP_PARAMS. |

DSA

| Mechanism | Description |
| --- | --- |
| CKM_DSA_PARAMETER_GEN | Generate DSA domain parameters (p, q, g). |
| CKM_DSA_KEY_PAIR_GEN | Generate a DSA key pair from previously generated parameters. |

| Mechanism | Description |
| --- | --- |
| CKM_DSA | Raw DSA sign/verify (caller supplies the pre-hashed digest). |
| CKM_DSA_SHA1 | SHA-1 hash then DSA signature. |
| CKM_DSA_SHA224 | SHA-224 hash then DSA signature. |
| CKM_DSA_SHA256 | SHA-256 hash then DSA signature. |
| CKM_DSA_SHA384 | SHA-384 hash then DSA signature. |
| CKM_DSA_SHA512 | SHA-512 hash then DSA signature. |

Elliptic curve (ECDSA / ECDH)

EC mechanisms are available when SoftHSM is built with --enable-ecc (OpenSSL backend) or the equivalent Botan option. Supported curves include the NIST P-curves (P-256, P-384, P-521) and others provided by the underlying crypto library.

| Mechanism | Description |
| --- | --- |
| CKM_EC_KEY_PAIR_GEN | Generate an EC key pair. The curve is specified via the CKA_EC_PARAMS attribute on the public key template (DER-encoded OID). |

| Mechanism | Description |
| --- | --- |
| CKM_ECDSA | Raw ECDSA sign/verify (caller supplies pre-hashed digest). |
| CKM_ECDSA_SHA1 | SHA-1 hash then ECDSA signature. Added in SoftHSM 2.7.0. |
| CKM_ECDSA_SHA224 | SHA-224 hash then ECDSA signature. Added in SoftHSM 2.7.0. |
| CKM_ECDSA_SHA256 | SHA-256 hash then ECDSA signature. Added in SoftHSM 2.7.0. |
| CKM_ECDSA_SHA384 | SHA-384 hash then ECDSA signature. Added in SoftHSM 2.7.0. |
| CKM_ECDSA_SHA512 | SHA-512 hash then ECDSA signature. Added in SoftHSM 2.7.0. |

| Mechanism | Description |
| --- | --- |
| CKM_ECDH1_DERIVE | One-pass ECDH key derivation (requires CK_ECDH1_DERIVE_PARAMS). Available when built with WITH_ECC or WITH_EDDSA. |

EdDSA (Edwards-curve)

EdDSA mechanisms require --enable-eddsa at build time (OpenSSL 1.1.1+ or Botan 2). Ed25519 and Ed448 are supported.

| Mechanism | Description |
| --- | --- |
| CKM_EC_EDWARDS_KEY_PAIR_GEN | Generate an Edwards-curve key pair. Specify Ed25519 or Ed448 via CKA_EC_PARAMS. |

| Mechanism | Description |
| --- | --- |
| CKM_EDDSA | EdDSA sign/verify. Supports both Ed25519 and Ed448. The algorithm is determined by the key’s curve. |

Diffie-Hellman (DH)

| Mechanism | Description |
| --- | --- |
| CKM_DH_PKCS_PARAMETER_GEN | Generate DH domain parameters (prime p, base g). |
| CKM_DH_PKCS_KEY_PAIR_GEN | Generate a DH key pair from existing parameters. |

| Mechanism | Description |
| --- | --- |
| CKM_DH_PKCS_DERIVE | Derive a shared secret from a DH private key and a peer public value. |

AES

| Mechanism | Description |
| --- | --- |
| CKM_AES_KEY_GEN | Generate an AES secret key. Key length (16, 24, or 32 bytes) is set via CKA_VALUE_LEN. |

| Mechanism | Description |
| --- | --- |
| CKM_AES_ECB | AES in Electronic Codebook mode. No IV; not recommended for most use cases. |
| CKM_AES_CBC | AES in Cipher Block Chaining mode. Requires a 16-byte IV. |
| CKM_AES_CBC_PAD | AES-CBC with PKCS#7 padding. Handles arbitrary-length plaintext. |
| CKM_AES_CTR | AES in Counter mode. Requires CK_AES_CTR_PARAMS specifying the counter block. |
| CKM_AES_GCM | AES in Galois/Counter mode (authenticated encryption). Requires CK_GCM_PARAMS. Added in SoftHSM 2.4.0. |

| Mechanism | Description |
| --- | --- |
| CKM_AES_KEY_WRAP | RFC 3394 AES Key Wrap. Wraps keys whose length is a multiple of 8 bytes. |
| CKM_AES_KEY_WRAP_PAD | RFC 5649 AES Key Wrap with Padding. Wraps keys of any length. Available when built with HAVE_AES_KEY_WRAP_PAD. |
| CKM_AES_CBC | AES-CBC can also be used for key wrapping (added in SoftHSM 2.6.0). |
| CKM_AES_CBC_PAD | AES-CBC with PKCS#7 padding for key wrapping (added in SoftHSM 2.7.0). |

| Mechanism | Description |
| --- | --- |
| CKM_AES_ECB_ENCRYPT_DATA | Derive a key by encrypting a data block with AES-ECB. |
| CKM_AES_CBC_ENCRYPT_DATA | Derive a key by encrypting a data block with AES-CBC. |
| CKM_AES_CMAC | AES Cipher-based MAC (CMAC / OMAC1). Added in SoftHSM 2.4.0. |

Triple-DES (3DES)

Single-DES key generation (CKM_DES_KEY_GEN) and single-DES cipher modes (CKM_DES_ECB, CKM_DES_CBC, CKM_DES_CBC_PAD) are disabled in FIPS mode. Triple-DES is available in both standard and FIPS builds.

| Mechanism | Description |
| --- | --- |
| CKM_DES_KEY_GEN | Generate a single-DES key (8 bytes). Disabled in FIPS mode. |
| CKM_DES2_KEY_GEN | Generate a two-key Triple-DES key (16 bytes). |
| CKM_DES3_KEY_GEN | Generate a three-key Triple-DES key (24 bytes). |

| Mechanism | Description |
| --- | --- |
| CKM_DES_ECB | Single-DES ECB mode. Disabled in FIPS mode. |
| CKM_DES_CBC | Single-DES CBC mode. Disabled in FIPS mode. |
| CKM_DES_CBC_PAD | Single-DES CBC with PKCS#7 padding. Disabled in FIPS mode. |
| CKM_DES3_ECB | Triple-DES ECB mode. |
| CKM_DES3_CBC | Triple-DES CBC mode. |
| CKM_DES3_CBC_PAD | Triple-DES CBC with PKCS#7 padding. Wrapping also supported (added in SoftHSM 2.7.0). |

| Mechanism | Description |
| --- | --- |
| CKM_DES_ECB_ENCRYPT_DATA | Derive a key by encrypting data with single-DES ECB. Disabled in FIPS mode. |
| CKM_DES_CBC_ENCRYPT_DATA | Derive a key by encrypting data with single-DES CBC. Disabled in FIPS mode. |
| CKM_DES3_ECB_ENCRYPT_DATA | Derive a key by encrypting data with Triple-DES ECB. |
| CKM_DES3_CBC_ENCRYPT_DATA | Derive a key by encrypting data with Triple-DES CBC. |
| CKM_DES3_CMAC | Triple-DES Cipher-based MAC. Added in SoftHSM 2.4.0. |

Hash (digest)

| Mechanism | Output length | Notes |
| --- | --- | --- |
| CKM_MD5 | 16 bytes | Disabled in FIPS mode |
| CKM_SHA_1 | 20 bytes | |
| CKM_SHA224 | 28 bytes | |
| CKM_SHA256 | 32 bytes | |
| CKM_SHA384 | 48 bytes | |
| CKM_SHA512 | 64 bytes | |

Digest operations are performed with C_DigestInit / C_Digest (single-part) or C_DigestInit / C_DigestUpdate / C_DigestFinal (multi-part).

HMAC

| Mechanism | Underlying hash | Output length | Notes |
| --- | --- | --- | --- |
| CKM_MD5_HMAC | MD5 | 16 bytes | Disabled in FIPS mode |
| CKM_SHA_1_HMAC | SHA-1 | 20 bytes | |
| CKM_SHA224_HMAC | SHA-224 | 28 bytes | |
| CKM_SHA256_HMAC | SHA-256 | 32 bytes | |
| CKM_SHA384_HMAC | SHA-384 | 48 bytes | |
| CKM_SHA512_HMAC | SHA-512 | 64 bytes | |

Per PKCS#11 3.0, the minimum HMAC key size is equal to the hash output length. SoftHSM enforces this lower bound when initializing an HMAC operation.

GOST

GOST mechanisms require --enable-gost at build time. This is a compile-time optional feature and is not available in standard binary packages.

| Mechanism | Description |
| --- | --- |
| CKM_GOSTR3410_KEY_PAIR_GEN | Generate a GOST R 34.10-2001 key pair |
| CKM_GOSTR3410 | GOST R 34.10-2001 raw sign/verify |
| CKM_GOSTR3410_WITH_GOSTR3411 | GOST R 34.10-2001 with GOST R 34.11-94 hash |
| CKM_GOSTR3411 | GOST R 34.11-94 (Streebog) hash |
| CKM_GOSTR3411_HMAC | HMAC using GOST R 34.11-94 |

ML-DSA (Module-Lattice Digital Signature Algorithm)

ML-DSA is a post-quantum lattice-based signature algorithm (formerly known as CRYSTALS-Dilithium, standardized as FIPS 204). These mechanisms require SoftHSM to be built against OpenSSL 3.x with ML-DSA support enabled (WITH_ML_DSA).

| Mechanism | Description |
| --- | --- |
| CKM_ML_DSA_KEY_PAIR_GEN | Generate an ML-DSA key pair. The parameter set (ML-DSA-44, ML-DSA-65, ML-DSA-87) is selected via the key template. |
| CKM_ML_DSA | ML-DSA sign/verify. |

Generic secret key generation

| Mechanism | Description |
| --- | --- |
| CKM_GENERIC_SECRET_KEY_GEN | Generate a generic secret key of arbitrary length for use as HMAC or derivation base keys. |

Key derivation utilities

These mechanisms are used as part of derived key construction and are available unconditionally.

| Mechanism | Description |
| --- | --- |
| CKM_CONCATENATE_DATA_AND_BASE | Derive a key by prepending data to a base key value. |
| CKM_CONCATENATE_BASE_AND_DATA | Derive a key by appending data to a base key value. |
| CKM_CONCATENATE_BASE_AND_KEY | Derive a key by concatenating two key values. |

Random number generation

SoftHSM uses the RNG provided by the underlying cryptographic library (OpenSSL or Botan). Applications interact with it through the standard PKCS#11 functions:

| Function | Description |
| --- | --- |
| C_GenerateRandom | Fill a buffer with cryptographically random bytes |
| C_SeedRandom | Mix additional entropy into the RNG state |

There is no separate CKM_ constant for RNG; random generation is invoked directly via these functions rather than through the mechanism API.

Mechanism availability by build configuration

| Build flag | Mechanisms enabled |
| --- | --- |
| (always on) | RSA, DSA, DH, 3DES, AES, SHA-1/224/256/384/512, HMAC, generic secret |
| WITH_FIPS disabled | MD5, CKM_MD5_HMAC, CKM_MD5_RSA_PKCS, single-DES |
| WITH_ECC | CKM_EC_KEY_PAIR_GEN, CKM_ECDSA*, CKM_ECDH1_DERIVE |
| WITH_EDDSA | CKM_EC_EDWARDS_KEY_PAIR_GEN, CKM_EDDSA, CKM_ECDH1_DERIVE |
| WITH_GOST | CKM_GOSTR3410*, CKM_GOSTR3411* |
| WITH_ML_DSA | CKM_ML_DSA_KEY_PAIR_GEN, CKM_ML_DSA |
| WITH_RAW_PSS | CKM_RSA_PKCS_PSS (raw, pre-hashed) |
| HAVE_AES_KEY_WRAP_PAD | CKM_AES_KEY_WRAP_PAD |

To restrict which mechanisms are active at runtime without recompiling, set slots.mechanisms in softhsm2.conf to a comma-separated list of mechanism names (e.g., CKM_AES_GCM,CKM_SHA256_RSA_PKCS). The default value ALL enables every compiled-in mechanism.
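
An added example (not SoftHSM's own code): a small audit of the slots.mechanisms setting that reports which enabled names this page marks as disabled in FIPS mode or attaches a caveat to. The '#' comment handling, the rule that a later assignment overrides an earlier one, and the sample file are assumptions of the example.

```python
import re

# Mechanisms this page marks "Disabled in FIPS mode" (MD5 and single-DES).
FIPS_DISABLED = {
    "CKM_MD5", "CKM_MD5_HMAC", "CKM_MD5_RSA_PKCS", "CKM_DES_KEY_GEN",
    "CKM_DES_ECB", "CKM_DES_CBC", "CKM_DES_CBC_PAD",
    "CKM_DES_ECB_ENCRYPT_DATA", "CKM_DES_CBC_ENCRYPT_DATA",
}
# Mechanisms the page attaches a usage caveat to.
CAVEATS = {
    "CKM_AES_ECB": "no IV; not recommended for most use cases",
    "CKM_RSA_X_509": "raw RSA; caller must apply padding",
}
NAME = re.compile(r"CKM_[A-Z0-9_]+")

def read_mechanisms(conf_text):
    """Return the slots.mechanisms value; 'ALL' is the documented default."""
    value = "ALL"
    for line in conf_text.splitlines():
        # Assumed syntax: "key = value", with '#' starting a comment.
        key, sep, val = line.split("#", 1)[0].partition("=")
        if sep and key.strip() == "slots.mechanisms":
            value = val.strip()  # assumption: a later assignment overrides
    return value

def audit(conf_text):
    """Classify what the configured mechanism list exposes."""
    value = read_mechanisms(conf_text)
    if value == "ALL":
        # Everything compiled in is active, so every flagged name may be.
        names, unparsed = sorted(FIPS_DISABLED | set(CAVEATS)), []
    else:
        tokens = [t.strip() for t in value.split(",")]
        names = [t for t in tokens if NAME.fullmatch(t)]
        unparsed = [t for t in tokens if not NAME.fullmatch(t)]
    return {
        "allow_all": value == "ALL",
        "fips_disabled": [n for n in names if n in FIPS_DISABLED],
        "caveats": {n: CAVEATS[n] for n in names if n in CAVEATS},
        "unparsed": unparsed,  # not a plain CKM_ name: review by hand
    }

# Constructed sample file, not taken from a real deployment.
SAMPLE = """\
# softhsm2.conf (constructed)
directories.tokendir = /var/lib/softhsm/tokens/
slots.mechanisms = CKM_AES_GCM,CKM_SHA256_RSA_PKCS,CKM_MD5_RSA_PKCS,CKM_AES_ECB,
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

With no slots.mechanisms line the audit falls back to ALL and lists every flagged name, since whether each one is actually present then depends only on the build flags in the table above.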
