1# Encryption and Decryption Overview and Algorithm Specifications 2 3You can use the keys in HUKS to encrypt or decrypt data. 4 5## Supported Algorithms 6 7The following table lists the supported specifications for key encryption and decryption. 8<!--Del--> 9The key management service specifications include mandatory specifications and optional specifications. Mandatory specifications are algorithm specifications that must be supported. Optional specifications can be used based on actual situation. Before using the optional specifications, refer to the documents provided by the vendor to ensure that the specifications are supported. 10 11**You are advised to use mandatory specifications in your development for compatibility purposes.** 12<!--DelEnd--> 13**Specifications for Standard-System Devices** 14| Algorithm/Cipher Mode/Padding Mode| Description| API Version| <!--DelCol4-->Mandatory| 15| -------- | -------- | -------- | -------- | 16| <!--DelRow-->AES/ECB/NoPadding<br>AES/ECB/PKCS7 | - | 8+ | No| 17| AES/CBC/NoPadding<br>AES/CBC/PKCS7<br>AES/CTR/NoPadding | The **IV** parameter is mandatory.| 8+ | Yes| 18| AES/GCM/NoPadding | **Nonce** is mandatory for encryption.<br>**Nonce** and **AEAD** are mandatory for decryption.| 8+ | Yes| 19| RSA/ECB/NoPadding<br>RSA/ECB/PKCS1_V1_5<br>RSA/ECB/OAEP | The OAEP padding mode supports the following MD algorithms: SHA-256, SHA-384, and SHA-512.| 8+ | Yes| 20| <!--DelRow-->SM4/ECB/NoPadding<br>SM4/ECB/PKCS7<br>SM4/CBC/PKCS7 | **IV** is mandatory in CBC mode and is not recommended in ECB mode.| 9+ | No| 21| SM4/CTR/NoPadding<br>SM4/CBC/NoPadding<br>SM4/CFB/NoPadding | **IV** is mandatory.| 12+ | Yes| 22| SM4/OFB/NoPadding | **Nonce** is mandatory.| 12+ | Yes| 23| SM2/-/NoPadding | SM3 is used as the MD algorithm.| 11+ | Yes| 24 25**Specifications for Mimi-System Devices** 26 27<!--Del--> 28Before implementing the specifications for mini-system devices, determine whether your device supports the related specifications. 29<!--DelEnd--> 30 31| Algorithm/Cipher Mode/Padding Mode| Description| API Version| 32| -------- | -------- | -------- | 33| AES/GCM/NoPadding | - | 8+ | 34| AES/CBC/NoPadding<br>AES/CTR/NoPadding | **IV** is mandatory.| 11+ | 35| DES/ECB/NoPadding | - | 12+ | 36| DES/CBC/NoPadding | **IV** is mandatory.| 12+ | 37| 3DES/ECB/NoPadding | - | 12+ | 38| 3DES/CBC/NoPadding | **IV** is mandatory.| 12+ | 39| RSA/ECB/PKCS1_V1_5 | - | 12+ | 40| RSA/ECB/OAEP | SHA-256 is used as the MD algorithm.| 12+ | 41