| Bits of Security | RSA or DH | Elliptic Curve Cryptography | Hash Function or XOF with Specified Output Length (d) | Symmetric Encryption |
|---|---|---|---|---|
| 112 | RSA2048, DH(2048) | ECDSA/ECDH (secp224r1) | SHA224 | |
| 128 | RSA3072, DH(3072) | ECDSA/ECDH (secp256r1), Ed25519/X25519 (curve25519) | SHA256, SHAKE128(d=256) | AES128 |
| 192 | | ECDSA/ECDH (secp384r1) | SHA384 | AES192 |
| 224 | | Ed448/X448 (curve448) | | |
| 256 | | ECDSA/ECDH (secp521r1) | SHA512, SHAKE256(d=512) | AES256 |


| Bits of Security | Key Types to Be Certified | CMP Protection: MSG_SIG_ALG, MSG_MAC_ALG | Key Management Technique: PROT_ENC_ALG or KM_KA_ALG, KM_KT_ALG, KM_KD_ALG | Key-Wrap and Symmetric Encryption: PROT_SYM_ALG, SYM_PENC_ALG or KM_KW_ALG |
|---|---|---|---|---|
| 112 | RSA2048, secp224r1 | RSASSA-PSS (2048, SHA224 or SHAKE128 (d=256)), RSAEncryption (2048, SHA224), ECDSA (secp224r1, SHA224 or SHAKE128 (d=256)), PBMAC1 (HMAC-SHA224) | DH(2048), RSAES-OAEP (2048, SHA224), RSAEncryption (2048, SHA224), ECDH (secp224r1, SHA224), PBKDF2 (HMAC-SHA224) | |
| 128 | RSA3072, secp256r1, curve25519 | RSASSA-PSS (3072, SHA256 or SHAKE128 (d=256)), RSAEncryption (3072, SHA256), ECDSA (secp256r1, SHA256 or SHAKE128 (d=256)), Ed25519 (SHA512), PBMAC1 (HMAC-SHA256) | DH(3072), RSAES-OAEP (3072, SHA256), RSAEncryption (3072, SHA256), ECDH (secp256r1, SHA256), X25519, PBKDF2 (HMAC-SHA256) | AES128 |
| 192 | secp384r1 | ECDSA (secp384r1, SHA384), PBMAC1 (HMAC-SHA384) | ECDH (secp384r1, SHA384), PBKDF2 (HMAC-SHA384) | AES192 |
| 224 | curve448 | Ed448 (SHAKE256) | X448 | |
| 256 | secp521r1 | ECDSA (secp521r1, SHA512 or SHAKE256 (d=512)), PBMAC1 (HMAC-SHA512) | ECDH (secp521r1, SHA512), PBKDF2 (HMAC-SHA512) | AES256 |


| Name | Use | Mandatory | Optional | Deprecated |
|---|---|---|---|---|
| MSG_SIG_ALG | protection of PKI messages using signatures | RSA | ECDSA, EdDSA | DSA, combinations with MD5 and SHA1 |
| MSG_MAC_ALG | protection of PKI messages using MACs | PBMAC1 | PasswordBasedMac, HMAC, KMAC | X9.9 |
| SYM_PENC_ALG | symmetric encryption of an end entity's private key where the symmetric key is distributed out of band | AES-wrap | | 3DES(3keyEDE, CBC Mode), RC5, CAST128 |
| PROT_ENC_ALG | asymmetric algorithm used for encryption of (symmetric keys for encryption of) private keys transported in PKIMessages | DH | ECDH, RSA | |
| PROT_SYM_ALG | symmetric encryption algorithm used for encryption of private key bits (a key of this type is encrypted using PROT_ENC_ALG) | AES-CBC | | 3DES(3keyEDE, CBC Mode), RC5, CAST128 |


| Name | Use | Examples |
|---|---|---|
| MSG_SIG_ALG | protection of PKI messages using signatures and for SignedData, e.g., a private key transported in PKIMessages | RSA, ECDSA, EdDSA |
| MSG_MAC_ALG | protection of PKI messages using MACing | PasswordBasedMac (see |
| KM_KA_ALG | asymmetric key agreement algorithm used for agreement of a symmetric key for use with KM_KW_ALG | DH, ECDH |
| KM_KT_ALG | asymmetric key-encryption algorithm used for transport of a symmetric key for PROT_SYM_ALG | RSA |
| KM_KD_ALG | symmetric key derivation algorithm used for derivation of a symmetric key for use with KM_KW_ALG | PBKDF2 |
| KM_KW_ALG | algorithm to wrap a symmetric key for PROT_SYM_ALG | AES-wrap |
| PROT_SYM_ALG | symmetric content-encryption algorithm used for encryption of EnvelopedData, e.g., a private key transported in PKIMessages | AES-CBC |