Cryptographic Token Interface Standard

PKCS#11

The PKCS #1 v1.5 RSA mechanism, denoted **CKM_RSA_PKCS**, is a multi-purpose mechanism based on the RSA public-key cryptosystem and the block formats initially defined in PKCS #1 v1.5. It supports single-part encryption and decryption; single-part signatures and verification with and without message recovery; key wrapping; and key unwrapping. This mechanism corresponds only to the part of PKCS #1 v1.5 that involves RSA; it does not compute a message digest or a DigestInfo encoding as specified for the md2withRSAEncryption and md5withRSAEncryption algorithms in PKCS #1 v1.5.

This mechanism does not have a parameter.

This mechanism can wrap and unwrap any secret key of appropriate length. Of course, a particular token may not be able to wrap/unwrap every appropriate-length secret key that it supports. For wrapping, the "input" to the encryption operation is the value of the **CKA_VALUE** attribute of the key that is wrapped; similarly for unwrapping. The mechanism does not wrap the key type or any other information about the key, except the key length; the application must convey these separately. In particular, the mechanism contributes only the **CKA_CLASS** and **CKA_VALUE** (and **CKA_VALUE_LEN**, if the key has it) attributes to the recovered key during unwrapping; other attributes must be specified in the template.

Constraints on key types and the length of the data are summarized in the following table. For encryption, decryption, signatures and signature verification, the input and output data may begin at the same location in memory. In the table, *k* is the length in bytes of the RSA modulus.

**Table 24, PKCS #1 v1.5 RSA: Key And Data Length**

| Function | Key type | Input length | Output length |
|---|---|---|---|
| C_Encrypt^{1} | RSA public key | <= k-11 | k |
| C_Decrypt^{1} | RSA private key | k | <= k-11 |
| C_Sign^{1} | RSA private key | <= k-11 | k |
| C_SignRecover | RSA private key | <= k-11 | k |
| C_Verify^{1} | RSA public key | <= k-11, k^{2} | |
| C_VerifyRecover | RSA public key | k | <= k-11 |
| C_WrapKey | RSA public key | <= k-11 | k |
| C_UnwrapKey | RSA private key | k | <= k-11 |

^{1} Single-part operations only.

^{2} Data length, signature length.
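As an added example (not part of the PKCS #11 text): because **CKM_RSA_PKCS** neither hashes nor builds a DigestInfo, an application that wants a SHA-256 signature must pass the DER-encoded DigestInfo itself as the data, and that data must fit the k-11 limit in the table. The function names are hypothetical; the SHA-256 DigestInfo prefix and the block type 01 layout are taken from PKCS #1, not from this page.

```c
#include <stddef.h>
#include <string.h>

#define SHA256_LEN 32
#define DIGESTINFO_SHA256_LEN ((size_t)19 + SHA256_LEN)   /* 51 bytes */

/* DER header of DigestInfo{sha256, NULL params, OCTET STRING(32)} (PKCS #1). */
static const unsigned char DIGESTINFO_SHA256_PREFIX[19] = {
    0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
    0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
};

/* Largest input CKM_RSA_PKCS accepts for a k-byte modulus (table: <= k-11). */
size_t rsa_pkcs_max_input(size_t k) { return k > 11 ? k - 11 : 0; }

/* Application side: build the data to hand to C_Sign under CKM_RSA_PKCS.
 * The caller supplies an already computed SHA-256 digest.
 * Returns 0 on success, -1 if it does not fit the key or the buffer. */
int sha256_digestinfo(const unsigned char digest[SHA256_LEN], size_t k,
                      unsigned char *out, size_t out_cap, size_t *out_len)
{
    if (DIGESTINFO_SHA256_LEN > rsa_pkcs_max_input(k) ||
        out_cap < DIGESTINFO_SHA256_LEN)
        return -1;
    memcpy(out, DIGESTINFO_SHA256_PREFIX, 19);
    memcpy(out + 19, digest, SHA256_LEN);
    *out_len = DIGESTINFO_SHA256_LEN;
    return 0;
}

/* Token side, for illustration only: PKCS #1 v1.5 block type 01,
 * 00 || 01 || FF..FF (at least 8 bytes) || 00 || data, exactly k bytes.
 * The 3 framing bytes plus 8 padding bytes are where k-11 comes from. */
int pkcs1_type01_block(const unsigned char *data, size_t len,
                       unsigned char *em, size_t k)
{
    if (k < 11 || len > k - 11)
        return -1;
    size_t pad = k - 3 - len;          /* >= 8 by the check above */
    em[0] = 0x00;
    em[1] = 0x01;
    memset(em + 2, 0xFF, pad);
    em[2 + pad] = 0x00;
    memcpy(em + 3 + pad, data, len);
    return 0;
}
```

Passing the bare 32-byte digest instead of the 51-byte DigestInfo still satisfies the length limit, so the token will sign it, but the result will not verify as a standard SHA-256 with RSA signature.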

For this mechanism, the *ulMinKeySize* and *ulMaxKeySize* fields of the **CK_MECHANISM_INFO** structure specify the supported range of RSA modulus sizes, in bits.

RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v230