Cryptoki: a cryptographic Token Interface



Download 360.55 Kb.
Page136/196
Date22.12.2023
Size360.55 Kb.
#63026
1   ...   132   133   134   135   136   137   138   139   ...   196
v201-95
pkcs11-base-v2.40-cos01

11.2.2. DSA without hashing


The DSA without hashing mechanism, denoted CKM_DSA, is a mechanism for single-part signatures and verification based on the Digital Signature Algorithm defined in FIPS PUB 186. (This mechanism corresponds only to the part of DSA that processes the 20-byte hash value; it does not compute the hash value.)
For the purposes of this mechanism, a DSA signature is a 40-byte string, corresponding to the concatenation of the DSA values r and s, each represented most-significant byte first.
It does not have a parameter.
Constraints on key types and the length of data are summarized in the following table:
Table 53, DSA: Key And Data Length

Function

Key type

Input length

Output length

C_Sign1

DSA private key

20

40

C_Verify1

DSA public key

20, 402

N/A

1 Single-part operations only.
2 Data length, signature length.
For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure specify the supported range of DSA prime sizes, in bits.

11.2.3. DSA with SHA-1


The DSA with SHA-1 mechanism, denoted CKM_DSA_SHA1, is a mechanism for single- and multiple-part signatures and verification based on the Digital Signature Algorithm defined in FIPS PUB 186. This mechanism computes the entire DSA specification, including the hashing with SHA-1.
For the purposes of this mechanism, a DSA signature is a 40-byte string, corresponding to the concatenation of the DSA values r and s, each represented most-significant byte first.
This mechanism does not have a parameter.
Constraints on key types and the length of data are summarized in the following table:
Table 54, DSA with SHA-1: Key And Data Length


Download 360.55 Kb.

Share with your friends:
1   ...   132   133   134   135   136   137   138   139   ...   196




The database is protected by copyright ©ininet.org 2024
send message

    Main page