3.1.4.7 Cryptographic Modes

RMS servers MAY<32> support operating in multiple cryptographic modes. These modes define the set of key sizes and hash algorithms that clients and servers use in XrML certificates. Two modes are defined, named Mode 1 and Mode 2. Servers that do not support multiple cryptographic modes SHOULD use key sizes and hash algorithms specified for Mode 1. The following table specifies the differences between certificates in each of the cryptographic modes.

| Certificate | Mode 1 | Mode 2 |
| --- | --- | --- |
| SLC | The public key is 1,024-bit RSA. The signature hash algorithm is SHA-1. | The public key is 2,048-bit RSA. The signature hash algorithm is SHA256. |
| SLC Chain Intermediate and Root Certificates | The public key is 1,024-bit or 2,048-bit RSA. The signature hash algorithm is SHA-1. | The public key is 2,048-bit RSA. The signature hash algorithm is SHA256. |
| SPC | The public key is 1,024-bit or 2,048-bit RSA. The signature hash algorithm is SHA-1. | The public key is 2,048-bit RSA. The signature hash algorithm is SHA256. |
| SPC Chain Intermediate and Root Certificates | The public key is 1,024-bit or 2,048-bit RSA. The signature hash algorithm is SHA-1. | The public key is 2,048-bit RSA. The signature hash algorithm is SHA256. |
| RAC | The public key is 1,024-bit RSA. The signature hash algorithm is SHA-1. The enabling bits type is "sealed-key". | The public key is 2,048-bit RSA. The signature hash algorithm is SHA256. The enabling bits type is "sealed-key-v2". |
| CLC | The public key is 1,024-bit RSA. The signature hash algorithm is SHA-1. The enabling bits type is "sealed-key". | The public key is 2,048-bit RSA. The signature hash algorithm is SHA256. The enabling bits type is "sealed-key-v2". |
| PL | The signature hash algorithm is SHA-1. The enabling bits type is "sealed-key". | The signature hash algorithm is SHA256. The enabling bits type is "sealed-key-v2". |
| UL | The signature hash algorithm is SHA-1. The enabling bits type is "sealed-key". | The signature hash algorithm is SHA256. The enabling bits type is "sealed-key-v2". |
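
As an added example (not part of the specification), the following Python sketch checks already-extracted certificate attributes against the table above and reports which mode each certificate satisfies, including combinations that satisfy neither row. The function names, the row labels such as "SLC-chain", and the sample inventory are constructed for illustration; extracting the attributes from the XrML is assumed to have happened elsewhere.

```python
# Added example: rows transcribed from the table in this section.
# Per certificate type and mode: (allowed RSA key sizes or None if the table
# gives none, signature hash, enabling bits type or None if the table gives none).
KEYED = {1: ({1024}, "SHA1", None), 2: ({2048}, "SHA256", None)}
EITHER = {1: ({1024, 2048}, "SHA1", None), 2: ({2048}, "SHA256", None)}
SEALED = {1: ({1024}, "SHA1", "sealed-key"), 2: ({2048}, "SHA256", "sealed-key-v2")}
NOKEY = {1: (None, "SHA1", "sealed-key"), 2: (None, "SHA256", "sealed-key-v2")}
RULES = {
    "SLC": KEYED, "SLC-chain": EITHER, "SPC": EITHER, "SPC-chain": EITHER,
    "RAC": SEALED, "CLC": SEALED, "PL": NOKEY, "UL": NOKEY,
}

def classify(cert_type, sig_hash, key_bits=None, enabling_bits=None):
    """Return 1 or 2 for the mode whose row the attributes satisfy, else None."""
    digest = sig_hash.upper().replace("-", "")  # accept "SHA-1" and "SHA1"
    for mode, (sizes, wanted_hash, wanted_bits) in RULES[cert_type].items():
        if digest != wanted_hash:
            continue
        if sizes is not None and key_bits not in sizes:
            continue
        if wanted_bits is not None and enabling_bits != wanted_bits:
            continue
        return mode
    return None

def audit(inventory):
    """Map each certificate name to 'Mode 1', 'Mode 2' or 'nonconforming'."""
    report = {}
    for cert in inventory:
        mode = classify(cert["type"], cert["hash"],
                        cert.get("key_bits"), cert.get("enabling_bits"))
        report[cert["name"]] = f"Mode {mode}" if mode else "nonconforming"
    return report

# Constructed sample inventory (not taken from a real deployment).
SAMPLE = [
    {"name": "slc-a", "type": "SLC", "hash": "SHA256", "key_bits": 2048},
    {"name": "spc-a", "type": "SPC", "hash": "SHA-1", "key_bits": 2048},
    {"name": "slc-b", "type": "SLC", "hash": "SHA-1", "key_bits": 2048},
    {"name": "rac-a", "type": "RAC", "hash": "SHA256", "key_bits": 2048,
     "enabling_bits": "sealed-key"},
    {"name": "pl-a", "type": "PL", "hash": "SHA256",
     "enabling_bits": "sealed-key-v2"},
]

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE).items():
        print(name, verdict)
```

In the sample, `slc-b` is nonconforming because the table allows only a 1,024-bit key for a Mode 1 SLC, and `rac-a` is nonconforming because its enabling bits type belongs to Mode 1 while its key and hash belong to Mode 2.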