Cryptographic Token Interface Standard

PKCS#11


ECDSA without hashing

The ECDSA without hashing mechanism, denoted CKM_ECDSA, is a mechanism for single-part signatures and verification for ECDSA. (This mechanism corresponds only to the part of ECDSA that processes the hash value, which should not be longer than 1024 bits; it does not compute the hash value.)

For the purposes of this mechanism, an ECDSA signature is an octet string of length two times nLen, where nLen is the length in octets of the base point order n, and corresponds to the concatenation of the ECDSA values r and s, each represented as an octet string of length nLen most-significant byte first. If the length of the hash value is larger than the bit length of n, only the leftmost bits of the hash up to the length of n will be used.
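
The signature layout and hash truncation described above, as an added example that is not part of the specification text. The helper names are hypothetical, P256_N is the published group order of NIST P-256, and the range check on r and s is the standard ECDSA validity condition rather than something this section states.

```python
# Added example (not from the PKCS#11 specification): CKM_ECDSA data formats.
# P256_N is the order n of NIST P-256; all digests and r, s values are constructed.
from typing import Tuple

P256_N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551


def n_len(n: int) -> int:
    """nLen: length in octets of the base point order n."""
    return (n.bit_length() + 7) // 8


def truncate_hash(digest: bytes, n: int) -> int:
    """Leftmost bits of the hash, up to the bit length of n, as an integer."""
    if len(digest) * 8 > 1024:
        raise ValueError("hash value longer than 1024 bits")
    e = int.from_bytes(digest, "big")
    excess = len(digest) * 8 - n.bit_length()
    # The cut is made on bits, not bytes: n need not be a multiple of 8 bits long.
    return e >> excess if excess > 0 else e


def encode_signature(r: int, s: int, n: int) -> bytes:
    """r || s, each exactly nLen octets, most-significant byte first."""
    if not (0 < r < n and 0 < s < n):
        raise ValueError("r and s must be in [1, n-1]")
    size = n_len(n)
    # to_bytes left-pads with zeros; dropping that padding breaks the fixed layout.
    return r.to_bytes(size, "big") + s.to_bytes(size, "big")


def decode_signature(sig: bytes, n: int) -> Tuple[int, int]:
    """Split a 2*nLen signature into (r, s); reject bad lengths and ranges."""
    size = n_len(n)
    if len(sig) != 2 * size:
        raise ValueError(f"expected {2 * size} octets, got {len(sig)}")
    r = int.from_bytes(sig[:size], "big")
    s = int.from_bytes(sig[size:], "big")
    if not (0 < r < n and 0 < s < n):
        raise ValueError("r and s must be in [1, n-1]")
    return r, s
```

A signature produced by a library that emits the ASN.1 DER form has to be converted to this fixed-width layout before it is passed to C_Verify with CKM_ECDSA.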

This mechanism does not have a parameter.

Constraints on key types and the length of data are summarized in the following table:

Table 66, ECDSA: Key And Data Length

Function     Key type             Input length       Output length
C_Sign¹      ECDSA private key    any³               2nLen
C_Verify¹    ECDSA public key     any³, 2nLen ²      N/A

¹ Single-part operations only.

² Data length, signature length.

³ Truncated to the appropriate number of bits.

For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure specify the minimum and maximum supported number of bits in the field sizes, respectively. For example, if a Cryptoki library supports only ECDSA using a field of characteristic 2 which has between 2^200 and 2^300 elements (inclusive), then ulMinKeySize = 201 and ulMaxKeySize = 301 (when written in binary notation, the number 2^200 consists of a 1 bit followed by 200 0 bits. It is therefore a 201-bit number. Similarly, 2^300 is a 301-bit number).


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v211