Supported algorithmsAccess control
  • Goodkey Service
  • Goodkey Clients
  • Conclusion

Supported Algorithms in Goodkey Service and Goodkey Clients

This guide provides an overview of the cryptographic algorithms supported by the Goodkey Service and by the various Goodkey Clients. Use it to determine which algorithms are available, how they are typically used, and any relevant constraints or notes.

Goodkey Service

The table below compares supported algorithms across the Goodkey KMS Back-End and the Google KMS Back-End within the Goodkey Service.

Algorithm

GoodKey KMS Back-End

Google KMS Back-End

RSASSA (PKCS#1 v1.5)

Modulus Length: 2048, 3072, 4096Hash: SHA-1, SHA-256, SHA-384, SHA-512

Modulus Length: 2048Hash: SHA-256Modulus Length: 3072Hash: SHA-256Modulus Length: 4096Hash: SHA-256, SHA-512

RSAES (PKCS#1 v1.5)

Modulus Length: 2048, 3072, 4096

RSA (PSS)

Modulus Length: 2048, 3072, 4096Hash: SHA-1, SHA-256, SHA-384, SHA-512

Modulus Length: 2048Hash: SHA-256Modulus Length: 3072Hash: SHA-256Modulus Length: 4096Hash: SHA-256, SHA-512

RSA (OAEP)

Modulus Length: 2048, 3072, 4096Hash: SHA-1, SHA-256, SHA-384, SHA-512

Modulus Length: 2048Hash: SHA-1, SHA-256Modulus Length: 3072Hash: SHA-1, SHA-256Modulus Length: 4096Hash: SHA-1, SHA-256, SHA-512

ECDSA (various curves)

Curve: P-256, P-384, P-521, K-256Hash: SHA-1, SHA-256, SHA-384, SHA-512

Curve: P-256Hash: SHA-256Curve: P-384Hash: SHA-384Curve: K-256Hash: SHA-256

ECDH

Curve: P-256, P-384, P-521, K-256

EdDSA (Ed25519/Ed448)

Curve: Ed25519, Ed448

Curve: Ed25519

EdDH

Curve: X25519

FIPS 203 (Lattice)

ML-KEM-512ML-KEM-768ML-KEM-1024

ML-KEM-512ML-KEM-768ML-KEM-1024

FIPS 204 (Lattice)

ML-DSA-65

ML-DSA-65

FIPS 205 (Stateless)

SLH-DSA-SHA2-128s

SLH-DSA-SHA2-128s

Goodkey Clients

In addition to the Goodkey Service back ends, Goodkey offers various client options—API integrations, PKCS#11 drivers, KSP/CSP for Windows, and TokenKit for macOS. The table below indicates which algorithms each client supports.

Algorithm

Goodkey API

PKCS#11 (All Platforms)

KSP/CSP (Windows)

RSASSA (PKCS#1 v1.5)

All

All

All

RSAES (PKCS#1 v1.5)

All

All

All

RSA (PSS)

All

All

All

RSA (OAEP)

All

All

All

ECDSA (various curves)

P-256P-384P-521K-256*

P-256P-384P-521K-256**

P-256P-384P-521

ECDH

P-256P-384P-521K-256*

P-256P-384P-521K-256**

EdDSA (Ed25519/Ed448)

Ed25519*Ed448*

Ed25519**Ed448**

EdDH

X25519*

X25519**

FIPS 203 (Lattice)

ML-KEM-512ML-KEM-768and ML-KEM-1024

FIPS 204 (Lattice)

ML-DSA-65

FIPS 205 (Stateless)

SLH-DSA-SHA2-128s

Conclusion

This guide provides a snapshot (as of April 13, 2025) of the algorithms supported by the Goodkey Service and its various clients. Capabilities will continue to evolve in response to emerging cryptographic standards and user needs. Refer to official Goodkey documentation and release notes for the latest information on supported algorithms.