| Cryptographic Token Interface Standard |
PKCS#11
|
ANSI X9.31 RSA
The ANSI X9.31 RSA mechanism, denoted CKM_RSA_X9_31, is a mechanism for single-part signatures and verification without message recovery based on the RSA public-key cryptosystem and the block formats defined in ANSI X9.31.
This mechanism applies the header and padding fields of the hash encapsulation. The trailer field must be applied by the application.
This mechanism processes only byte strings, whereas ANSI X9.31 operates on bit strings. Accordingly, the following transformations are performed:
- Data is converted between byte and bit string formats by interpreting the most-significant bit of the leading byte of the byte string as the leftmost bit of the bit string, and the least-significant bit of the trailing byte of the byte string as the rightmost bit of the bit string (this assumes the length in bits of the data is a multiple of 8).
- A signature is converted from a bit string to a byte string by padding the bit string on the left with 0 to 7 zero bits so that the resulting length in bits is a multiple of 8, and converting the resulting bit string as above; it is converted from a byte string to a bit string by converting the byte string as above, and removing bits from the left so that the resulting length in bits is the same as that of the RSA modulus. This mechanism does not have a parameter.
Constraints on key types and the length of input and output data are summarized in the following table. In the table, k is the length in bytes of the RSA modulus. For all operations, the k value must be at least 128 and a multiple of 32 as specified in ANSI X9.31.
Table 71, ANSI X9.31 RSA: Key And Data Length
| Function | Key type |
Input length
|
Output length
|
| C_Sign1 | RSA private key |
<= k -2
|
k
|
| C_Verify1 | RSA public key |
<= k -2, k 2
|
N/A
|
1 Single-part operations only.
2 Data length, signature length.
For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure specify the supported range of RSA modulus sizes, in bits.
RSA Security Inc. Public-Key Cryptography Standards -
PKCS#11 - v211