Cryptographic Token Interface Standard |
PKCS#11 |

The ANSI X9.31 RSA mechanism, denoted ** CKM_RSA_X9_31**, is a mechanism for single-part signatures and verification without message recovery based on the RSA public-key cryptosystem and the block formats defined in ANSI X9.31.

This mechanism applies the header and padding fields of the hash encapsulation. The trailer field must be applied by the application.

This mechanism processes only byte strings, whereas ANSI X9.31 operates on bit strings. Accordingly, the following transformations are performed:

- Data is converted between byte and bit string formats by interpreting the most-significant bit of the leading byte of the byte string as the leftmost bit of the bit string, and the least-significant bit of the trailing byte of the byte string as the rightmost bit of the bit string (this assumes the length in bits of the data is a multiple of 8).
- A signature is converted from a bit string to a byte string by padding the bit string on the left with 0 to 7 zero bits so that the resulting length in bits is a multiple of 8, and converting the resulting bit string as above; it is converted from a byte string to a bit string by converting the byte string as above, and removing bits from the left so that the resulting length in bits is the same as that of the RSA modulus. This mechanism does not have a parameter.

**Table 71, ANSI X9.31 RSA: Key And Data Length**

Function | Key type | ||

C_Sign^{1} | RSA private key | <= k -2 | k |

C_Verify^{1} | RSA public key | <= k -2, k ^{2} |

^{1} Single-part operations only.

^{2} Data length, signature length.

For this mechanism, the *ulMinKeySize* and *ulMaxKeySize* fields of the **CK_MECHANISM_INFO** structure specify the supported range of RSA modulus sizes, in bits.

RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v211