PKCS#11
|
| Cryptographic Token Interface Standard |
PKCS#11 |
The PKCS #1 RSA PSS signature with SHA-1 mechanism, denoted CKM_SHA1_RSA_PKCS_PSS, performs single- and multiple-part digital signatures and verification operations without message recovery. The operations performed are as described in PKCS #1 with the object identifier id-RSASSA-PSS, i.e., as in the scheme RSASSA-PSS in PKCS #1 where the underlying hash function is SHA-1.
The PKCS #1 RSA PSS signature with SHA-256, SHA-384, and SHA-512 mechanisms, denoted CKM_SHA256_RSA_PKCS_PSS, CKM_SHA384_RSA_PKCS_PSS, and CKM_SHA512_RSA_PKCS_PSS respectively, perform the same operations using the SHA-256, SHA-384 and SHA-512 hash functions.
The mechanisms have a parameter, a CK_RSA_PKCS_PSS_PARAMS structure. The sLen field must be less than or equal to k* -2-hLen where hLen is the length in bytes of the hash value. k* is the length in bytes of the RSA modulus, except if the length in bits of the RSA modulus is one more than a multiple of 8, in which case k* is one less than the length in bytes of the RSA modulus.
Constraints on key types and the length of the data are summarized in the following table. In the table, k is the length in bytes of the RSA modulus.
Table 46, PKCS #1 RSA PSS Signatures with Various Hash Functions: Key And Data Length
| Function | Key type | ||
| C_Sign | RSA private key | ||
| C_Verify | RSA public key |
2 Data length, signature length.
For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure specify the supported range of RSA modulus sizes, in bits.