ECDSA without hashing

Refer section 12.3.1 for signature encoding.

The ECDSA without hashing mechanism, denoted CKM_ECDSA, is a mechanism for single-part signatures and verification for ECDSA. (This mechanism corresponds only to the part of ECDSA that processes the hash value, which should not be longer than 1024 bits; it does not compute the hash value.)

This mechanism does not have a parameter.

Constraints on key types and the length of data are summarized in the following table:

Table 57, ECDSA: Key And Data Length
Function Key type Input length Output length

C_Sign¹ ECDSA private key any³ 2 nLen

C_Verify¹ ECDSA public key any³, <=2 nLen ² N/A

¹ Single-part operations only.

²Data length, signature length.

³ Truncated to the appropriate number of bits.

For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure specify the minimum and maximum supported number of bits in the field sizes, respectively. For example, if a Cryptoki library supports only ECDSA using a field of characteristic 2 which has between 2²⁰⁰ and 2³⁰⁰ elements (inclusive), then ulMinKeySize = 201 and ulMaxKeySize = 301 (when written in binary notation, the number 2²⁰⁰ consists of a 1 bit followed by 200 0 bits. It is therefore a 201-bit number. Similarly, 2³⁰⁰ is a 301-bit number).

RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v220

Function	Key type	Input length	Output length
C_Sign¹	ECDSA private key	any³	2 nLen
C_Verify¹	ECDSA public key	any³, <=2 nLen ²	N/A