Supported Signing and Encryption Algorithms
- Updated2025-10-28
- 1 minute(s) read
Supported Signing and Encryption Algorithms
SystemLink supports the following algorithms for ID token signing, ID token key management encryption, and ID token content encryption.
ID Token Signing Algorithm
- None
- ECDSA Using P256 Curve and SHA-256
- ECDSA Using P384 Curve and SHA-384
- ECDSA Using P521 Curve and SHA-512
- HMAC using SHA-256
- HMAC using SHA-384
- HMAC using SHA-512
- RSA using SHA-256
- RSA using SHA-384
- RSA using SHA-512
- RSASSA-PSS using SHA-256
- RSASSA-PSS using SHA-384
- RSASSA-PSS using SHA-512
ID Token Key Management Encryption Algorithm
Algorithms that do not require a private key.
- No encryption
- Direct Encryption with symmetric key
- AES-128 Key Wrap
- AES-192 Key Wrap
- AES-256 Key Wrap
Algorithms that require a private key.
- RSAES OAEP
- ECDH-ES
ID Token Content Encryption Algorithm
- Composite AES-CBC-128 HMAC-SHA-256
- Composite AES-CBC-192 HMAC-SHA-384
- Composite AES-CBC-256 HMAC-SHA-512