Cryptographic Token Interface Standard

PKCS#11


General-length SHA-1-HMAC

The general-length SHA-1-HMAC mechanism, denoted CKM_SHA_1_HMAC_GENERAL, is a mechanism for signatures and verification. It uses the HMAC construction, based on the SHA-1 hash function. The keys it uses are generic secret keys.

It has a parameter, a CK_MAC_GENERAL_PARAMS, which holds the length in bytes of the desired output. This length should be in the range 0-20 (the output size of SHA-1 is 20 bytes). Signatures (MACs) produced by this mechanism will be taken from the start of the full 20-byte HMAC output.

Table 106, General-length SHA-1-HMAC: Key And Data Length
Function Key type
Data length
Signature length
C_Sign
generic secret
any
0-20, depending on parameters
C_Verify
generic secret
any
0-20, depending on parameters


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v210