NAME¶

icainfo - print information about cryptographic functions supported by libica

SYNOPSIS¶

icainfo [-v | --version] [-h | --help] [-c | --list-curves] [-r | --list-rsa] [-f | --list-fips-exceptions]

DESCRIPTION¶

icainfo prints a table that shows libica's support for various cryptographic algorithms and information about FIPS support.

The icainfo output also indicates, whether it is in an error state. Algorithms that are not FIPS approved are marked as blocked in all table columns when running in FIPS mode. All algorithms are marked as blocked when libica is in an error state.

Available hardware support is divided into two columns: dynamic hardware means crypto cards, static hardware support means CPACF. Software support is provided via openssl.

If a function is disabled via build option, this is indicated by a dash '-' in the related column.

A shortened sample output is given below:

      Cryptographic algorithm support
------------------------------------------------------


               |         hardware        |


 function      |   dynamic  |   static   |  software
---------------+------------+------------+------------


         SHA-1 |     no     |    yes     |    -


       SHA-224 |     no     |    yes     |    -


       SHA-256 |     no     |    yes     |    -


       SHA-384 |     no     |    yes     |    -


       SHA-512 |     no     |    yes     |    -


         GHASH |     no     |    yes     |    -


         P_RNG |  blocked   |  blocked   |  blocked


  DRBG-SHA-512 |     no     |    yes     |    -


        RSA ME |    yes     |     no     |    -


       RSA CRT |    yes     |     no     |    -


           ...
------------------------------------------------------
Built-in FIPS support: FIPS 140-3 mode active.
Software fallbacks are disabled.

OPTIONS¶

-v or --version

show libica version and copyright

-h or --help

display this help and exit

-c or --list-curves

show supported elliptic curves

-r or --list-rsa

show min and max supported RSA key lengths

-f or --list-fips-exceptions

show available algorithms that are non-approved

RETURN VALUE¶

1

unknown or invalid argument on invocation

0

successful program execution

SEE ALSO¶

icastats(1)