Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cryptographic Algorithms and Key Sizes for Personal Identity Verification



William T. Polk, Donna F. Dodson, William E. Burr


[Superseded by SP 800-78-2(February 2010):] SP 800-78-1 has been modified to enhance interoperability, simplify the development of relying party applications, and enhance alignment with the National Security Agency's Suite B Cryptography [SUITE B]. Revision 1 reduces the set of elliptic curves approved for use with PIV cards and the supporting infrastructure from six curves to two. Also, SHA-384 has been added for use with Curve P-384 in this revision. And finally, this revision eliminates the largest size of RSA keys (3072 bits) on PIV cards. These changes simplify applications that require maximum interoperability: the number of OIDs that must be recognized (e.g., in certificates) has been significantly reduced; and elliptic curve implementations of elliptic curve cryptography can be optimized for operations over two specific curves. [Supersedes SP 800-78 (April 2005):]
Special Publication (NIST SP) - 800-78-1
Report Number


conformance test, Personal Identity Verification, FIPS 201, cryptographic algorithms, key sizes, PKI


Polk, W. , Dodson, D. and Burr, W. (2007), Cryptographic Algorithms and Key Sizes for Personal Identity Verification, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD (Accessed July 17, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created August 1, 2007, Updated January 27, 2020