Cryptographic Token Interface Standard

PKCS#11


ISO/IEC 9796 RSA

The ISO/IEC 9796 RSA mechanism, denoted CKM_RSA_9796, is a mechanism for single-part signatures and verification with and without message recovery based on the RSA public-key cryptosystem and the block formats defined in ISO/IEC 9796 and its annex A. This mechanism is compatible with the draft ANSI X9.31 (assuming the length in bits of the X9.31 hash value is a multiple of 8).

This mechanism processes only byte strings, whereas ISO/IEC 9796 operates on bit strings. Accordingly, the following transformations are performed:

Constraints on key types and the length of input and output data are summarized in the following table. In the table, k is the length in bytes of the RSA modulus.

Table 60, ISO/IEC 9796 RSA: Key And Data Length
Function Key type
Input length
Output length
C_Sign1 RSA private key
<= LOWER(k /2)
k
C_SignRecover RSA private key
<= LOWER(k /2)
k
C_Verify1 RSA public key
<= LOWER(k /2), k 2
N/A
C_VerifyRecover RSA public key
k
<= LOWER(k /2)

1 Single-part operations only.

2 Data length, signature length.

For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure specify the supported range of RSA modulus sizes, in bits.


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v210