DSA without hashing

The DSA without hashing mechanism, denoted CKM_DSA, is a mechanism for single-part signatures and verification based on the Digital Signature Algorithm defined in FIPS PUB 186-2. (This mechanism corresponds only to the part of DSA that processes the 20-byte hash value; it does not compute the hash value.)

For the purposes of this mechanism, a DSA signature is a 40-byte string, corresponding to the concatenation of the DSA values r and s, each represented most-significant byte first.

It does not have a parameter.

Constraints on key types and the length of data are summarized in the following table:

Table 220, DSA: Key And Data Length
Function Key type Input length Output length

C_Sign¹ DSA private key 20 40

C_Verify¹ DSA public key 20, 40² N/A

¹ Single-part operations only.

² Data length, signature length.

For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure specify the supported range of DSA prime sizes, in bits.

RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v230

Function	Key type	Input length	Output length
C_Sign¹	DSA private key	20	40
C_Verify¹	DSA public key	20, 40²	N/A