Cryptographic Token Interface Standard

PKCS#11


PKCS #1 v1.5 RSA

The PKCS #1 v1.5 RSA mechanism, denoted CKM_RSA_PKCS, is a multi-purpose mechanism based on the RSA public-key cryptosystem and the block formats initially defined in PKCS #1 v1.5. It supports single-part encryption and decryption; single-part signatures and verification with and without message recovery; key wrapping; and key unwrapping. This mechanism corresponds only to the part of PKCS #1 v1.5 that involves RSA; it does not compute a message digest or a DigestInfo encoding as specified for the md2withRSAEncryption and md5withRSAEncryption algorithms in PKCS #1 v1.5 .

This mechanism does not have a parameter.

This mechanism can wrap and unwrap any secret key of appropriate length. Of course, a particular token may not be able to wrap/unwrap every appropriate-length secret key that it supports. For wrapping, the "input" to the encryption operation is the value of the CKA_VALUE attribute of the key that is wrapped; similarly for unwrapping. The mechanism does not wrap the key type or any other information about the key, except the key length; the application must convey these separately. In particular, the mechanism contributes only the CKA_CLASS and CKA_VALUE (and CKA_VALUE_LEN, if the key has it) attributes to the recovered key during unwrapping; other attributes must be specified in the template.

Constraints on key types and the length of the data are summarized in the following table. For encryption, decryption, signatures and signature verification, the input and output data may begin at the same location in memory. In the table, k is the length in bytes of the RSA modulus.

Table 24, PKCS #1 v1.5 RSA: Key And Data Length
Function Key type
Input length
Output length
Comments
C_Encrypt1 RSA public key
<= k -11
k
block type 02
C_Decrypt1 RSA private key
k
<= k -11
block type 02
C_Sign1 RSA private key
<= k -11
k
block type 01
C_SignRecover RSA private key
<= k -11
k
block type 01
C_Verify1 RSA public key
<= k -11, k 2
N/A
block type 01
C_VerifyRecover RSA public key
k
<= k -11
block type 01
C_WrapKey RSA public key
<= k -11
k
block type 02
C_UnwrapKey RSA private key
k
<= k -11
block type 02

1 Single-part operations only.

2 Data length, signature length.

For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure specify the supported range of RSA modulus sizes, in bits.


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v230