Skip navigation
emcrypt-product-icon.svg

emCrypt - Supported Capabilities

The foundation of all SEGGER security products - emSSL, emSSH, emSecure-RSA, and emSecure-ECDSA. Ready to be used in your application.

Supported Capabilities

Ciphers for bulk encryption

The following ciphers are supported by emCrypt, with optional hardware acceleration:

  • AES-128, AES-192, AES-256
  • DES and TripleDES (also known as 3DES or TDES) with all keying options
  • CAST
  • ARIA
  • SEED
  • Camellia
  • Twofish
  • Blowfish

All cipher algorithms support ECB, CBC, OFB, and CTR modes take advantage of the underlying cipher accelerator when available.  In addition, 128-bit ciphers, such as AES, support CCM and GCM authenticated encryption modes with optional hardware acceleration.

Hash algorithms

Hash algorithms are also known as message digest algorithms or compression functions: they provide a means to produce a digital fingerprint of some data, such as a document, and make it infeasible to produce another document with an identical fingerprint.

  • MD5, RIPEMD-160, SHA-1
  • SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256
  • SHA3-224, SHA3-256, SHA3-384, SHA3-512

All hash algorithms take advantage of the underlying hash accelerator when available.

MAC algorithms

Message authentication codes (MACs) guard against transmission errors and malicious data tampering.

  • CMAC-AES, CMAC-TDES, CMAC-SEED, CMAC-ARIA, CMAC-Camellia, CMAC-Twofish
  • GMAC-AES, GMAC-SEED, GMAC-ARIA, GMAC-Camellia, GMAC-Twofish
  • HMAC-MD5, HMAC-RIPEMD-160, HMAC-SHA-1, HMAC-SHA-224, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512, HMAC-SHA-512/224, HMAC-SHA-512/256, HMAC-SHA3-224, HMAC-SHA3-256, HMAC-SHA3-384, HMAC-SHA3-512
  • KMAC

All MAC algorithms take advantage of the underlying cipher or hash accelerator when available.

Key derivation

Key derivation functions calculate symmetric keys to use from an agreed secret.

  • KDF1-SHA-1, KDF1-SHA-224, KDF1-SHA-255, KDF1-SHA-384, KDF1-SHA-512, KDF1-SHA-512/224, KDF1-SHA-512/256
  • KDF2-SHA-1, KDF2-SHA-224, KDF2-SHA-255, KDF2-SHA-384, KDF2-SHA-512, KDF2-SHA-512/224, KDF2-SHA-512/256
  • X9.63-KDF-SHA-1, X9.63-KDF-SHA-224, X9.63-KDF-SHA-256, X9.63-KDF-SHA-384, X9.63-KDF-SHA-512, X9.63-KDF-SHA-512/224, X9.63-KDF-SHA-512/256
  • HKDF-MD5, HKDF-RIPEMD-160, HKDF-SHA-1, HKDF-SHA-224, HKDF-SHA-255, HKDF-SHA-384, HKDF-SHA-512, HKDF-SHA-512/224, HKDF-SHA-512/256
  • PBKDF2-SHA-1, PBKDF2-SHA-224, PBKDF2-SHA-256, PBKDF2-SHA-384, PBKDF2-SHA-512, PBKDF2-SHA-512/224, PBKDF2-SHA-512/256

All key derivation algorithms take advantage of the underlying hash accelerator when available.

Random bit generators

High-quality random data is essential for many cryptographic protocols and algorithms. emCrypt supports NIST random bit generators and the highly regarded Fortuna cryptographically secure random number generator.

  • Fortuna
  • Hash-DRBG-SHA-1, Hash-DRBG-SHA-224, Hash-DRBG-SHA-256, Hash-DRBG-SHA-384, Hash-DRBG-SHA-512, Hash-DRBG-SHA-512/224, Hash-DRBG-SHA-512/256
  • HMAC-DRBG-SHA-1, HMAC-DRBG-SHA-224, HMAC-DRBG-SHA-256, HMAC-DRBG-SHA-384, HMAC-DRBG-SHA-512, HMAC-DRBG-SHA-512/224, HMAC-DRBG-SHA-512/256
  • CTR-DRBG-TDES, CTR-DRBG-AES-128, CTR-DRBG-AES-192, CTR-DRBG-AES-256

All DRBG algorithms take advantage of the underlying cipher or hash accelerator when available.

Digital signatures

Digital signatures provide an assurance that a document, or a collection of data, is authentic and unmodified.

  • RSASSA-PSS with approved and configurable hash algorithms
  • RSASSA-PKCS1 with approved and configurable hash algorithms
  • ECDSA using all NIST prime curves and Brainpool curves and with approved and configurable hash algorithms
  • Ed25519