Cryptographic Token Interface Standard

PKCS#11


DSA with SHA-1

The DSA with SHA-1 mechanism, denoted CKM_DSA_SHA1, is a mechanism for single- and multiple-part signatures and verification based on the Digital Signature Algorithm defined in FIPS PUB 186. This mechanism computes the entire DSA specification, including the hashing with SHA-1.

For the purposes of this mechanism, a DSA signature is a 40-byte string, corresponding to the concatenation of the DSA values r and s, each represented most-significant byte first.

This mechanism does not have a parameter.

Constraints on key types and the length of data are summarized in the following table:

Table 64, DSA with SHA-1: Key And Data Length
Function Key type
Input length
Output length
C_Sign DSA private key
any
40
C_Verify DSA public key
any, 402
N/A

2 Data length, signature length.

For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure specify the supported range of DSA prime sizes, in bits.


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v210