Cryptographic Token Interface Standard
PKCS#11
The ECDSA with SHA-1 mechanism, denoted CKM_ECDSA_SHA1, is a mechanism for single- and multiple-part signatures and verification for ECDSA. This mechanism computes the entire ECDSA specification, including the hashing with SHA-1.
For the purposes of this mechanism, an ECDSA signature is an octet string of length two times nLen, where nLen is the length in octets of the base point order n, and corresponds to the concatenation of the ECDSA values r and s, each represented as an octet string of length nLen most-significant byte first.
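The fixed-length r || s layout described above differs from the DER-encoded ECDSA-Sig-Value (a SEQUENCE of two INTEGERs) used in X.509 and by many software libraries, so a signature returned by C_Sign usually has to be converted before it is handed to them. The C function below is an added example, not part of the standard; the names ecdsa_raw_to_der and der_int, the sample bytes, and the 124-octet limit on nLen are assumptions of the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* One big-endian value -> DER INTEGER; caller guarantees n <= 124. */
static size_t der_int(const unsigned char *v, size_t n, unsigned char *out)
{
    size_t i = 0, pad;
    while (n > 1 && *v == 0) { v++; n--; }  /* DER is minimal: drop leading zeros */
    pad = (v[0] & 0x80) ? 1 : 0;            /* 0x00 prefix keeps the value non-negative */
    out[i++] = 0x02;
    out[i++] = (unsigned char)(n + pad);
    if (pad) out[i++] = 0x00;
    memcpy(out + i, v, n);
    return i + n;
}

/* Cryptoki r || s (2 * nLen octets) -> DER ECDSA-Sig-Value.
 * Returns the DER length, or 0 on malformed input or a short buffer. */
size_t ecdsa_raw_to_der(const unsigned char *sig, size_t sig_len,
                        unsigned char *out, size_t out_cap)
{
    unsigned char body[2 * (2 + 1 + 124)];
    size_t n_len = sig_len / 2, body_len, hdr;

    if (!sig || !out || sig_len == 0 || (sig_len & 1) || n_len > 124)
        return 0;                           /* must be exactly 2 * nLen octets */
    body_len  = der_int(sig, n_len, body);                     /* r */
    body_len += der_int(sig + n_len, n_len, body + body_len);  /* s */
    hdr = (body_len < 128) ? 2 : 3;         /* 0x81 long form, e.g. 521-bit orders */
    if (out_cap < hdr + body_len)
        return 0;
    out[0] = 0x30;
    if (hdr == 3) out[1] = 0x81;
    out[hdr - 1] = (unsigned char)body_len;
    memcpy(out + hdr, body, body_len);
    return hdr + body_len;
}

int main(void)
{
    /* Constructed sample with a toy nLen of 4: r = 00001234, s = 80000001. */
    const unsigned char sig[8] = {0x00,0x00,0x12,0x34, 0x80,0x00,0x00,0x01};
    unsigned char der[16];
    size_t i, n = ecdsa_raw_to_der(sig, sizeof sig, der, sizeof der);
    for (i = 0; i < n; i++) printf("%02x", der[i]);
    printf("\n");
    return n ? 0 : 1;
}
```

The reverse direction, needed before C_Verify, must left-pad r and s with zero octets back to exactly nLen each; a signature whose length is not 2 times nLen does not match the format this mechanism defines.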
This mechanism does not have a parameter.
Constraints on key types and the length of data are summarized in the following table:
Table 67, ECDSA with SHA-1: Key And Data Length
Function | Key type | ||
C_Sign | ECDSA private key | ||
C_Verify | ECDSA public key |
2 Data length, signature length.
For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure specify the minimum and maximum supported number of bits in the field sizes, respectively. For example, if a Cryptoki library supports only ECDSA using a field of characteristic 2 which has between 2^200 and 2^300 elements, then ulMinKeySize = 201 and ulMaxKeySize = 301 (when written in binary notation, the number 2^200 consists of a 1 bit followed by 200 0 bits. It is therefore a 201-bit number. Similarly, 2^300 is a 301-bit number).