![]() | Cryptographic Token Interface Standard |
PKCS#11 |
The GOST R 34.10-2001 with GOST R 34.11-94, denoted CKM_GOSTR3410_WITH_GOSTR3411, is a mechanism for signatures and verification for GOST R 34.10-2001. This mechanism computes the entire GOST R 34.10-2001 specification, including the hashing with GOST R 34.11-94 hash algorithm.
As a parameter this mechanism utilizes a DER-encoding of the object identifier indicating GOST R 34.11-94 data object type. A mechanism parameter may be missed then parameters are specified in object identifier of attribute CKA_GOSTR3411PARAMS must be used.
For the purposes of these mechanisms, a GOST R 34.10-2001 signature is an octet string of 64 bytes long. The signature octets correspond to the concatenation of the GOST R 34.10-2001 values s and r ', both represented as a 32 bytes octet string in big endian order with the most significant byte first [RFC 4490] section 3.2, and [RFC 4491] section 2.2.2.
The input for the mechanism is signed or should be signed message of any length. Single- and multiple-part signature operations are available.
Table 15, GOST R 34.10-2001 with GOST R 34.11-94: Key And Data Length
Function | Key type | ||
C_Sign | CKK_GOSTR3410 | ||
C_Verify | CKK_GOSTR3410 |
For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure are not used.