Cryptographic Token Interface Standard

PKCS#11


PKCS #1 v1.5 RSA

The PKCS #1 v1.5 RSA mechanism, denoted CKM_RSA_PKCS, is a multi-purpose mechanism based on the RSA public-key cryptosystem and the block formats initially defined in PKCS #1 v1.5. It supports single-part encryption and decryption; single-part signatures and verification with and without message recovery; key wrapping; and key unwrapping. This mechanism corresponds only to the part of PKCS #1 v1.5 that involves RSA; it does not compute a message digest or a DigestInfo encoding as specified for the md2withRSAEncryption and md5withRSAEncryption algorithms in PKCS #1 v1.5. An application that wants such a signature must build the DigestInfo itself and pass it as the data to be signed.

This mechanism does not have a parameter.

This mechanism can wrap and unwrap any secret key of appropriate length. Of course, a particular token may not be able to wrap/unwrap every appropriate-length secret key that it supports. For wrapping, the "input" to the encryption operation is the value of the CKA_VALUE attribute of the key that is wrapped; similarly for unwrapping. The mechanism does not wrap the key type or any other information about the key, except the key length; the application must convey these separately. In particular, the mechanism contributes only the CKA_CLASS and CKA_VALUE (and CKA_VALUE_LEN, if the key has it) attributes to the recovered key during unwrapping; other attributes must be specified in the template.

Constraints on key types and the length of the data are summarized in the following table. For encryption, decryption, signatures and signature verification, the input and output data may begin at the same location in memory. In the table, k is the length in bytes of the RSA modulus.

Table 37, PKCS #1 v1.5 RSA: Key And Data Length

Function          Key type         Input length    Output length   Comments
C_Encrypt¹        RSA public key   <= k-11         k               block type 02
C_Decrypt¹        RSA private key  k               <= k-11         block type 02
C_Sign¹           RSA private key  <= k-11         k               block type 01
C_SignRecover     RSA private key  <= k-11         k               block type 01
C_Verify¹         RSA public key   <= k-11, k²     N/A             block type 01
C_VerifyRecover   RSA public key   k               <= k-11         block type 01
C_WrapKey         RSA public key   <= k-11         k               block type 02
C_UnwrapKey       RSA private key  k               <= k-11         block type 02

¹ Single-part operations only.

² Data length, signature length.

For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure specify the supported range of RSA modulus sizes, in bits.
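The block formats, length limits and wrap/unwrap behaviour described above, as an added example in Python. This is not code from the PKCS #11 specification or from any token; the RSA key generation, the function names (encode_block, c_encrypt, c_sign, c_verify_recover and so on), the SHA-256 DigestInfo helper and the constructed inputs are this example's own. It models each row of Table 37 as a function so the two block types, the k-11 limit and the fact that C_WrapKey is just C_Encrypt of CKA_VALUE can be exercised directly.

```python
"""Added example, not from the PKCS #11 specification or any token vendor:
the PKCS #1 v1.5 block formats behind CKM_RSA_PKCS, the k-11 limit of
Table 37, wrapping as plain encryption of CKA_VALUE, and the DigestInfo a
caller must build before C_Sign. Toy RSA keygen only, not production code."""
import hashlib, hmac, os, random

_rng = random.SystemRandom()

def modulus_bytes(n):
    """k in Table 37: modulus length in bytes (ulMinKeySize counts bits)."""
    return (n.bit_length() + 7) // 8

def encode_block(data, k, block_type):
    """00 || BT || PS || 00 || data. BT 01 (signatures): PS is all 0xFF.
    BT 02 (encryption): PS is non-zero random bytes. PS is at least 8 bytes
    long, which is where the k-11 limit in Table 37 comes from."""
    ps_len = k - len(data) - 3
    if ps_len < 8:
        raise ValueError(f"input is {len(data)} bytes, limit is k-11 = {k - 11}")
    ps = b"\xff" * ps_len if block_type == 0x01 else b""
    while len(ps) < ps_len:  # draw fresh random bytes, dropping any zeros
        ps += bytes(b for b in os.urandom(ps_len - len(ps)) if b != 0)
    return bytes([0x00, block_type]) + ps + b"\x00" + data

def decode_block(em, k, block_type):
    """Strict parse of a block of the given type; any deviation is an error."""
    if len(em) != k or em[0] != 0x00 or em[1] != block_type:
        raise ValueError("bad block header")
    sep = em.find(b"\x00", 2)  # first zero after the header terminates PS
    if sep < 10:  # -1 (no separator) or fewer than 8 bytes of PS
        raise ValueError("separator missing or padding string too short")
    if block_type == 0x01 and em[2:sep] != b"\xff" * (sep - 2):
        raise ValueError("block type 01 padding must be all 0xFF")
    return em[sep + 1:]

def _is_probable_prime(n, rounds=32):
    """Miller-Rabin: enough for a toy key, not a vetted prime generator."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x != 1 and all(pow(x, 1 << r, n) != n - 1 for r in range(s)):
            return False
    return True

def _gen_prime(bits):
    while True:  # top two bits set so that p*q has exactly 2*bits bits
        c = _rng.getrandbits(bits) | (3 << (bits - 2)) | 1
        if _is_probable_prime(c):
            return c

def rsa_keygen(bits=512):
    """Returns ((n, e), (n, d)). 512 bits keeps the demo fast; real keys are >= 2048."""
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this is gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def _rsa(x, key, k):
    """Raw RSA on one k-byte block with an (n, exponent) pair."""
    n, exp = key
    if len(x) != k or (m := int.from_bytes(x, "big")) >= n:
        raise ValueError("input must be exactly k bytes and below the modulus")
    return pow(m, exp, n).to_bytes(k, "big")

def c_encrypt(pub, data):
    """C_Encrypt: block type 02 under the public key; C_WrapKey is the same call on CKA_VALUE."""
    k = modulus_bytes(pub[0])
    return _rsa(encode_block(data, k, 0x02), pub, k)

def c_decrypt(priv, ciphertext):
    """C_Decrypt / C_UnwrapKey: exactly k bytes in, at most k-11 bytes out."""
    k = modulus_bytes(priv[0])
    return decode_block(_rsa(ciphertext, priv, k), k, 0x02)

def c_sign(priv, data):
    """C_Sign / C_SignRecover: block type 01 under the private key, no hashing."""
    k = modulus_bytes(priv[0])
    return _rsa(encode_block(data, k, 0x01), priv, k)

def c_verify_recover(pub, signature):
    """C_VerifyRecover: the signed data comes back out of the signature."""
    k = modulus_bytes(pub[0])
    return decode_block(_rsa(signature, pub, k), k, 0x01)

def c_verify(pub, data, signature):
    """C_Verify: recover, then compare in constant time; False on any error."""
    try:
        return hmac.compare_digest(c_verify_recover(pub, signature), data)
    except ValueError:
        return False

_SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # DigestInfo DER prefix for SHA-256, RFC 8017 9.2 note 1

def sha256_digestinfo(message):
    """The DigestInfo a caller hands to C_Sign for RSA-SHA256; CKM_RSA_PKCS builds neither the digest nor this encoding."""
    return _SHA256_PREFIX + hashlib.sha256(message).digest()
```

Wrapping a 32-byte secret key value is `c_encrypt(pub, cka_value)`; the k-byte result carries the value and, implicitly, its length, and nothing else, so the unwrapping side must supply CKA_KEY_TYPE and the other attributes in its template exactly as the text above says. The strict `decode_block` raises on every malformed block; a real implementation of C_Decrypt or C_UnwrapKey additionally has to make sure that the way it reports (and the time it takes to report) a block type 02 padding failure does not give an attacker a padding oracle, which is a known weakness of this block format rather than of any particular token.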


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v220