Cryptographic Token Interface Standard



The ANSI X9.31 RSA mechanism, denoted CKM_RSA_X9_31, is a mechanism for single-part signatures and verification without message recovery based on the RSA public-key cryptosystem and the block formats defined in ANSI X9.31.

This mechanism applies the header and padding fields of the hash encapsulation. The trailer field must be applied by the application.

This mechanism processes only byte strings, whereas ANSI X9.31 operates on bit strings. Accordingly, the following transformations are performed:

Constraints on key types and the length of input and output data are summarized in the following table. In the table, k is the length in bytes of the RSA modulus. For all operations, the k value must be at least 128 and a multiple of 32 as specified in ANSI X9.31.

Table 71, ANSI X9.31 RSA: Key And Data Length
Function Key type
Input length
Output length
C_Sign1 RSA private key
<= k -2
C_Verify1 RSA public key
<= k -2, k 2

1 Single-part operations only.

2 Data length, signature length.

For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure specify the supported range of RSA modulus sizes, in bits.

RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v211