Cryptographic Token Interface Standard

PKCS#11


ECDSA key pair generation

The ECDSA key pair generation mechanism, denoted CKM_ECDSA_KEY_PAIR_GEN, is a key pair generation mechanism for ECDSA.

This mechanism does not have a parameter.

The mechanism generates ECDSA public/private key pairs with particular ECDSA parameters, as specified in the CKA_ECDSA_PARAMS attribute of the template for the public key. Note that this version of Cryptoki does not include a mechanism for generating these ECDSA parameters.

The mechanism contributes the CKA_CLASS, CKA_KEY_TYPE, and CKA_EC_POINT attributes to the new public key and the CKA_CLASS, CKA_KEY_TYPE, CKA_ECDSA_PARAMS and CKA_VALUE attributes to the new private key. Other attributes supported by the ECDSA public and private key types (specifically, the flags indicating which functions the keys support) may also be specified in the templates for the keys, or else are assigned default initial values.

For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure specify the minimum and maximum supported number of bits in the field sizes, respectively. For example, if a Cryptoki library supports only ECDSA using a field of characteristic 2 which has between 2^200 and 2^300 elements, then ulMinKeySize = 201 and ulMaxKeySize = 301 (when written in binary notation, the number 2^200 consists of a 1 bit followed by 200 0 bits. It is therefore a 201-bit number. Similarly, 2^300 is a 301-bit number).
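The following is an added example, not part of the standard: a pre-generation check that counts field size the way the paragraph above does and compares it with the range a token reports in CK_MECHANISM_INFO. The typedefs are stand-ins for the pkcs11.h definitions, the helper names (bit_length, char2_field_bits, field_size_supported) are hypothetical, and the sample values are constructed from the text's example.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-ins for the pkcs11.h definitions so this compiles without the header. */
typedef unsigned long CK_ULONG;
typedef struct { CK_ULONG ulMinKeySize, ulMaxKeySize, flags; } CK_MECHANISM_INFO;

/* Bit length of a big-endian unsigned integer; leading zero bytes are ignored. */
static CK_ULONG bit_length(const unsigned char *be, size_t len)
{
    size_t i = 0;
    CK_ULONG bits;
    unsigned char top;
    while (i < len && be[i] == 0) i++;
    if (i == len) return 0;                 /* value is zero */
    bits = (CK_ULONG)(len - i - 1) * 8;     /* full bytes below the top byte */
    for (top = be[i]; top != 0; top >>= 1) bits++;
    return bits;
}

/* Field size as the text counts it: bit length of the number of field
 * elements. A characteristic-2 field GF(2^m) has 2^m elements, m+1 bits. */
static CK_ULONG char2_field_bits(CK_ULONG m) { return m + 1; }

/* 1 if the advertised range covers the field size, 0 otherwise
 * (also 0 for a NULL or inverted range, which should not be trusted). */
static int field_size_supported(const CK_MECHANISM_INFO *info, CK_ULONG bits)
{
    if (info == NULL || info->ulMinKeySize > info->ulMaxKeySize) return 0;
    return bits >= info->ulMinKeySize && bits <= info->ulMaxKeySize;
}

int main(void)
{
    /* Constructed sample: the range from the text's example library. */
    CK_MECHANISM_INFO info = { 201, 301, 0 };
    unsigned char two_pow_200[26] = { 0x01 };   /* 0x01 then 25 zero bytes */
    printf("2^200 -> %lu bits\n", bit_length(two_pow_200, sizeof two_pow_200));
    printf("m=233 supported: %d\n", field_size_supported(&info, char2_field_bits(233)));
    printf("m=163 supported: %d\n", field_size_supported(&info, char2_field_bits(163)));
    return 0;
}
```

In a real application the CK_MECHANISM_INFO values would come from C_GetMechanismInfo, and the check would run before the key generation call so that an unsupported field size is rejected early.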


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v210