Cryptographic Token Interface Standard

PKCS#11

---

ISO/IEC 9796 RSA

The ISO/IEC 9796 RSA mechanism, denoted CKM_RSA_9796, is a mechanism for single-part signatures and verification with and without message recovery based on the RSA public-key cryptosystem and the block formats defined in ISO/IEC 9796 and its annex A.

This mechanism processes only byte strings, whereas ISO/IEC 9796 operates on bit strings. Accordingly, the following transformations are performed:

• Data is converted between byte and bit string formats by interpreting the most-significant bit of the leading byte of the byte string as the leftmost bit of the bit string, and the least-significant bit of the trailing byte of the byte string as the rightmost bit of the bit string (this assumes the length in bits of the data is a multiple of 8).
• A signature is converted from a bit string to a byte string by padding the bit string on the left with 0 to 7 zero bits so that the resulting length in bits is a multiple of 8, and converting the resulting bit string as above; it is converted from a byte string to a bit string by converting the byte string as above, and removing bits from the left so that the resulting length in bits is the same as that of the RSA modulus. This mechanism does not have a parameter.

Constraints on key types and the length of input and output data are summarized in the following table. In the table, k is the length in bytes of the RSA modulus.

Table 42, ISO/IEC 9796 RSA: Key And Data Length

Function	Key type	Input length	Output length
C_Sign1	RSA private key	<= LOWER(k /2)	k
C_SignRecover	RSA private key	<= LOWER(k /2)	k
C_Verify1	RSA public key	<= LOWER(k /2), k 2	N/A
C_VerifyRecover	RSA public key	k	<= LOWER(k /2)

¹ Single-part operations only.

² Data length, signature length.

For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure specify the supported range of RSA modulus sizes, in bits.

---

RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v220