Supported Algorithms

Complete reference of cryptographic algorithms supported by 4Quays

4Quays supports a range of classical and post-quantum cryptographic algorithms. This page provides a complete reference.

Symmetric Encryption

AES-256-GCM

Property	Value
Algorithm	Advanced Encryption Standard
Mode	Galois/Counter Mode
Key Size	256 bits
Block Size	128 bits
IV Size	96 bits (12 bytes)
Tag Size	128 bits (16 bytes)

Use cases:

Payload encryption
All protect/unprotect operations

Quantum resistance: Secure against known quantum attacks (256-bit key provides 128-bit post-quantum security).

Key Wrapping (Classical)

RSA-2048

Property	Value
Algorithm	RSA with OAEP padding
Key Size	2048 bits
Hash	SHA-256
MGF	MGF1-SHA-256

Use cases:

Wrapping symmetric keys
Legacy integration

Quantum resistance: Vulnerable to Shor's algorithm. Plan migration to PQC.

RSA-4096

Property	Value
Algorithm	RSA with OAEP padding
Key Size	4096 bits
Hash	SHA-256
MGF	MGF1-SHA-256

Use cases:

Higher security requirements
Longer key validity periods

Quantum resistance: Vulnerable to Shor's algorithm. Provides more time before migration.

Key Encapsulation (Post-Quantum)

ML-KEM-512

Property	Value
Algorithm	Module-Lattice KEM
Security Level	NIST Level 1
Public Key Size	800 bytes
Ciphertext Size	768 bytes
Shared Secret	32 bytes

Use cases:

Lightweight PQC requirements
Performance-sensitive applications

ML-KEM-768

Property	Value
Algorithm	Module-Lattice KEM
Security Level	NIST Level 3
Public Key Size	1184 bytes
Ciphertext Size	1088 bytes
Shared Secret	32 bytes

Use cases:

Recommended default for PQC
Balanced security and performance

ML-KEM-1024

Property	Value
Algorithm	Module-Lattice KEM
Security Level	NIST Level 5
Public Key Size	1568 bytes
Ciphertext Size	1568 bytes
Shared Secret	32 bytes

Use cases:

Highest security requirements
Long-term data protection

Digital Signatures (Classical)

RSA-SHA256

Property	Value
Algorithm	RSASSA-PKCS1-v1_5
Key Size	2048 or 4096 bits
Hash	SHA-256
Signature Size	256 or 512 bytes

Use cases:

Document signing
Data integrity verification

RSA-SHA384

Property	Value
Hash	SHA-384
Other properties	Same as RSA-SHA256

RSA-SHA512

Property	Value
Hash	SHA-512
Other properties	Same as RSA-SHA256

ECDSA-P256

Property	Value
Algorithm	ECDSA
Curve	NIST P-256 (secp256r1)
Hash	SHA-256
Signature Size	~64 bytes

Use cases:

Compact signatures
Performance-sensitive signing

ECDSA-P384

Property	Value
Curve	NIST P-384 (secp384r1)
Hash	SHA-384
Signature Size	~96 bytes

Digital Signatures (Post-Quantum)

ML-DSA-44

Property	Value
Algorithm	Module-Lattice DSA
Security Level	NIST Level 2
Public Key Size	1312 bytes
Signature Size	2420 bytes

Use cases:

PQC signatures for standard use
Migration from RSA-2048

ML-DSA-65

Property	Value
Algorithm	Module-Lattice DSA
Security Level	NIST Level 3
Public Key Size	1952 bytes
Signature Size	3293 bytes

Use cases:

Recommended default for PQC signatures
Migration from RSA-3072

ML-DSA-87

Property	Value
Algorithm	Module-Lattice DSA
Security Level	NIST Level 5
Public Key Size	2592 bytes
Signature Size	4595 bytes

Use cases:

Highest security signing requirements
Long-term signature validity

Hash Functions

SHA-256

Property	Value
Output Size	256 bits (32 bytes)
Block Size	512 bits

SHA-384

Property	Value
Output Size	384 bits (48 bytes)
Block Size	1024 bits

SHA-512

Property	Value
Output Size	512 bits (64 bytes)
Block Size	1024 bits

Algorithm Selection Guide

For Encryption

Requirement	Recommended
Standard security	AES-256-GCM + RSA-2048
High security	AES-256-GCM + RSA-4096
Post-quantum ready	AES-256-GCM + ML-KEM-768
Maximum security	AES-256-GCM + ML-KEM-1024

For Signing

Requirement	Recommended
Compact signatures	ECDSA-P256
Standard security	RSA-SHA256
Post-quantum ready	ML-DSA-65
Maximum security	ML-DSA-87

Algorithm Comparison

Key Size Comparison

Algorithm	Public Key	Ciphertext/Signature
RSA-2048	256 bytes	256 bytes
RSA-4096	512 bytes	512 bytes
ML-KEM-768	1184 bytes	1088 bytes
ML-KEM-1024	1568 bytes	1568 bytes
ECDSA-P256	65 bytes	64 bytes
ML-DSA-65	1952 bytes	3293 bytes

Performance Comparison

Operation	RSA-2048	ML-KEM-768
Key Generation	~100ms	~1ms
Encrypt/Encap	~1ms	~0.1ms
Decrypt/Decap	~10ms	~0.1ms

Operation	ECDSA-P256	ML-DSA-65
Key Generation	~1ms	~1ms
Sign	~1ms	~1ms
Verify	~2ms	~1ms

Standards Compliance

Standard	Algorithms
NIST FIPS 197	AES-256
NIST FIPS 180-4	SHA-2 family
NIST FIPS 186-5	RSA, ECDSA
NIST FIPS 203	ML-KEM
NIST FIPS 204	ML-DSA

What's Next

Security Best Practices — Security recommendations
PQC Migration — Post-quantum transition guide