Cryptographic Token Interface Standard

PKCS#11


PKCS #1 RSA PSS signature with SHA-1

The PKCS #1 RSA PSS signature with SHA-1 mechanism, denoted CKM_SHA1_RSA_PKCS_PSS, performs single- and multiple-part digital signatures and verification operations without message recovery. The operations performed are as described in PKCS #1 with the object identifier id-RSASSA-PSS.

It has a parameter, a CK_RSA_PKCS_PSS_PARAMS structure. The sLen field must be less than or equal to k*-2-hLen, where hLen is the length in bytes of a SHA-1 hash (20). k* is the length in bytes of the RSA modulus, except if the length in bits of the RSA modulus is one more than a multiple of 8, in which case k* is one less than the length in bytes of the RSA modulus. (k* is the emLen of PKCS #1, the ceiling of (modBits-1)/8, so this bound is the emLen-hLen-2 condition of EMSA-PSS-ENCODE; a bound stated simply as k-2-hLen, with k the full modulus length in bytes, is one byte too loose in the exceptional case.)

Constraints on key types and the length of the data are summarized in the following table. In the table, k is the length in bytes of the RSA modulus, which is also the length of the signature.

Table 73, PKCS #1 RSA PSS Signatures with SHA-1: Key And Data Length

Function   Key type          Input length   Output length
C_Sign     RSA private key   any            k
C_Verify   RSA public key    any, k (2)     N/A

(2) Data length, signature length.

For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure specify the supported range of RSA modulus sizes, in bits.
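The following Python is an added worked example, not part of the PKCS #11 text. It computes k, k* and the sLen bound from the modulus bit length, and implements EMSA-PSS-ENCODE and EMSA-PSS-VERIFY with SHA-1 and MGF1-SHA1 as PKCS #1 v2.1 defines them, so that the "encoding error" for an oversized sLen can be seen to occur exactly at the k*-2-hLen boundary (a 1025-bit modulus has k = 129 but k* = 128). The function names (em_len_bytes, max_salt_len, check_pss_params, and so on) and the sample message are my own; the RSA private- and public-key operations that a token wraps around the encoding are omitted, since the bound depends only on the modulus length.

```python
import hashlib
import hmac
import os

H_LEN = hashlib.sha1().digest_size  # hLen = 20 bytes for SHA-1


def modulus_len_bytes(mod_bits: int) -> int:
    """k: length of the RSA modulus in bytes; also the PSS signature length."""
    return (mod_bits + 7) // 8


def em_len_bytes(mod_bits: int) -> int:
    """k* from the mechanism text, i.e. PKCS #1's emLen = ceil((modBits - 1) / 8).
    Equals k except when modBits is one more than a multiple of 8, where it is k - 1."""
    return (mod_bits - 1 + 7) // 8


def max_salt_len(mod_bits: int, h_len: int = H_LEN) -> int:
    """Largest sLen a CK_RSA_PKCS_PSS_PARAMS may carry for this modulus: k* - 2 - hLen."""
    return em_len_bytes(mod_bits) - 2 - h_len


def check_pss_params(mod_bits: int, s_len: int, h_len: int = H_LEN) -> bool:
    """Application-side check before C_SignInit: is sLen within the mechanism's bound?"""
    return 0 <= s_len <= max_salt_len(mod_bits, h_len)


def mgf1_sha1(seed: bytes, mask_len: int) -> bytes:
    """MGF1 with SHA-1 (PKCS #1 v2.1, B.2.1)."""
    out = b""
    for counter in range((mask_len + H_LEN - 1) // H_LEN):
        out += hashlib.sha1(seed + counter.to_bytes(4, "big")).digest()
    return out[:mask_len]


def emsa_pss_encode(message: bytes, mod_bits: int, s_len: int, salt: bytes = None) -> bytes:
    """EMSA-PSS-ENCODE (PKCS #1 v2.1, 9.1.1) with SHA-1, for emBits = modBits - 1.
    Raises ValueError("encoding error") exactly when sLen > k* - 2 - hLen."""
    em_bits = mod_bits - 1
    em_len = (em_bits + 7) // 8                        # == em_len_bytes(mod_bits)
    if em_len < H_LEN + s_len + 2:
        raise ValueError("encoding error")             # step 3 of EMSA-PSS-ENCODE
    if salt is None:
        salt = os.urandom(s_len)                       # fresh random salt per signature
    if len(salt) != s_len:
        raise ValueError("salt length must equal sLen")
    m_hash = hashlib.sha1(message).digest()
    h = hashlib.sha1(b"\x00" * 8 + m_hash + salt).digest()   # H = Hash(M')
    db = b"\x00" * (em_len - s_len - H_LEN - 2) + b"\x01" + salt
    db_mask = mgf1_sha1(h, em_len - H_LEN - 1)
    masked_db = bytearray(a ^ b for a, b in zip(db, db_mask))
    masked_db[0] &= 0xFF >> (8 * em_len - em_bits)     # clear the excess leading bits
    return bytes(masked_db) + h + b"\xbc"


def emsa_pss_verify(message: bytes, em: bytes, mod_bits: int, s_len: int) -> bool:
    """EMSA-PSS-VERIFY (PKCS #1 v2.1, 9.1.2) with SHA-1; the check C_Verify performs
    after the RSA public-key operation has recovered EM from the signature."""
    em_bits = mod_bits - 1
    em_len = (em_bits + 7) // 8
    if len(em) != em_len or em_len < H_LEN + s_len + 2 or em[-1] != 0xBC:
        return False
    masked_db, h = em[: em_len - H_LEN - 1], em[em_len - H_LEN - 1 : -1]
    excess = 8 * em_len - em_bits
    if masked_db[0] & ~(0xFF >> excess) & 0xFF:
        return False                                   # leading bits must be zero
    db = bytearray(a ^ b for a, b in zip(masked_db, mgf1_sha1(h, len(masked_db))))
    db[0] &= 0xFF >> excess
    ps_len = em_len - H_LEN - s_len - 2
    if any(db[:ps_len]) or db[ps_len] != 0x01:
        return False                                   # PS must be all zero, then 0x01
    salt = bytes(db[len(db) - s_len :])
    m_hash = hashlib.sha1(message).digest()
    h_prime = hashlib.sha1(b"\x00" * 8 + m_hash + salt).digest()
    return hmac.compare_digest(h, h_prime)


if __name__ == "__main__":
    for bits in (1024, 1025, 1032, 2048):
        print(f"modBits={bits}: k={modulus_len_bytes(bits)} k*={em_len_bytes(bits)} "
              f"max sLen={max_salt_len(bits)}")
    msg = b"constructed sample message"                # constructed input, not from the spec
    em = emsa_pss_encode(msg, 1024, 20)
    print("round trip:", emsa_pss_verify(msg, em, 1024, 20))
```

Running the demo shows that a 1024-bit and a 1025-bit modulus both allow at most sLen = 106, while a 1032-bit modulus allows 107: the extra bit of a 1025-bit modulus does not buy an extra salt byte, because emBits = modBits-1 still fits in 128 bytes. Applications should apply check_pss_params before C_SignInit rather than rely on the token, since this text says only what the bound is, not how a given token reports a violation. SHA-1 appears here only because the mechanism mandates it; for new deployments prefer the SHA-2 variants of the PSS mechanisms.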


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v211