1# Symmetric Key Generation and Conversion Specifications 2 3 4This topic describes the supported algorithms and specifications for symmetric key generation and conversion. 5 6 7A key can be generated based on a string parameter, which holds key specifications. The string parameters supported by each algorithm are provided in the specific algorithm specifications. 8 9 10## AES 11 12Advanced Encryption Standard (AES) is the most common symmetric encryption algorithm. 13 14It has the following features: 15 16- It is a block cipher with a block size of 128 bits. 17 18- The key length can be 128 bits, 192 bits, or 256 bits. 19 20- It provides higher security and faster processing speed than Triple Data Encryption Standard (3DES). 21 22 23An AES key can be generated from a string parameter. When creating a symmetric key generator instance, you need to specify the key specifications in a string parameter. The string parameter consists of the symmetric key algorithm and key length. 24 25 26| Symmetric Key Algorithm| Key Length (Bit)| String Parameter| API Version| 27| -------- | -------- | -------- | -------- | 28| AES | 128 | AES128 | 9+ | 29| AES | 192 | AES192 | 9+ | 30| AES | 256 | AES256 | 9+ | 31 32 33## 3DES 34 353DES is also called 3DESede or Triple DES. 36 37It has the following features: 38 39- It uses three 64-bit keys to encrypt a data block three times, which means to apply the DES cipher three times to each data block. 40 41- Compared with DES, 3DES provides higher security due to longer key length, but lower processing speed. 42 43A 3DES key can be generated from a string parameter. When creating a symmetric key generator instance, you need to specify the key specifications in a string parameter. The string parameter consists of the symmetric key algorithm and key length. 44 45| Symmetric Key Algorithm| Key Length (Bit)| String Parameter| API Version| 46| -------- | -------- | -------- | -------- | 47| 3DES | 192 | 3DES192 | 9+ | 48 49 50## SM4 51 52ShangMi 4 (SM4) is a symmetric algorithm. 53 54It has the following features: 55 56- It is a block cipher with a block size of 128 bits. 57 58- The key length is also 128 bits, which can be extended by an expansion key. 59 60- Both the encryption algorithm and the key expansion algorithm use a 32-round non-linear iteration structure. A non-linear key scheduler is used to produce the round keys. The decryption uses the same round keys as for encryption, except that they are in reversed order. 61 62An SM4 key can be generated from a string parameter. When creating a symmetric key generator instance, you need to specify the key specifications in a string parameter. The string parameter consists of the symmetric key algorithm and key length with an underscore (_) in between. 63 64| Symmetric Key Algorithm| Key Length (Bit)| String Parameter| API Version| 65| -------- | -------- | -------- | -------- | 66| SM4 | 128 | SM4_128 | 10+ | 67 68 69## HMAC 70 71Hash-based Message Authentication Code (HMAC) is a hash-based message authentication code algorithm. A symmetric key is required for calculation. 72 73It has the following features: 74 75The symmetric key used by HMAC can be of any length. 76 77- If the key length is greater than the HMAC block length, the one-way hash result of the key is used as the new key. 78 79- If the key length is less than the HMAC block length, 0s are padded at the end of the key as the new key. That is, the key length is the same as the HMAC block length. 80 81- You are advised to use the output length of the message digest (MD) algorithm as the key length. 82 83The symmetric key used by HMAC can be generated based on a string parameter. 84 85- When the length of the key used by HMAC is the same as the length of the MD generated, the string parameter consists of the MAC algorithm and MD algorithm with a vertical bar (|) in between. The string parameter specifies the key specifications when a symmetric key generator is created. 86 87- If the length of the key used by HMAC is not within the range of the MD generated by the MD algorithms listed in the following table, use the string parameter **HMAC** to create a symmetric key generator and then generate a key based on the binary data of the key used by HMAC. 88 89| MAC Algorithm| MD Algorithm| Key Length (Bit)| String Parameter| API Version| 90| -------- | -------- | -------- | -------- | -------- | 91| HMAC | SHA1 | 160 | HMAC\|SHA1 | 11+ | 92| HMAC | SHA224 | 224 | HMAC\|SHA224 | 11+ | 93| HMAC | SHA256 | 256 | HMAC\|SHA256 | 11+ | 94| HMAC | SHA384 | 384 | HMAC\|SHA384 | 11+ | 95| HMAC | SHA512 | 512 | HMAC\|SHA512 | 11+ | 96| HMAC | SM3 | 256 | HMAC\|SM3 | 11+ | 97| HMAC | - | [1, 32768] | HMAC | 11+ | 98