CKM_RSA_PKCS_PSS
NOTE This mechanism name and RSASSA-PSS are referring to the same underlying RSA signature scheme.
NOTE RSA public exponent value e=3 was deprecated, and Luna HSM does not support its use in FIPS 140 configuration. By default, use RSA exponent value 65537 (2^16 + 1) instead, or refer to the FIPS 186-5 Appendix A.1.1 specification for detailed guidance.
See also Impact on Exponents.
Firmware 7.9.0 and Newer Summary
| FIPS approved? | Yes |
| Supported functions | Sign | Verify |
| Functions restricted from FIPS use | Can verify only if PP45 enabled |
| Minimum key length (bits) | 256 |
| Minimum key length for FIPS use (bits) | 2048 |
| Minimum legacy key length for FIPS use (bits) | 1024 |
| Maximum key length (bits) | 8192 |
| Block size | 0 |
| Digest size | 0 |
| Key types | RSA |
| Algorithms | None |
| Modes | None |
| Flags | PSS |
NOTE Using Luna HSM Firmware 7.9.0 or newer, signature verification is permitted in FIPS approved configuration, as long as partition policy 45: Allow ECDSA/RSA Prehash SigVer is set to 1 on the partition.
Firmware 7.8.9 and Older Summary
| FIPS approved? | Yes |
| Supported functions | Sign | Verify |
| Functions restricted from FIPS use | None |
| Minimum key length (bits) | 256 |
| Minimum key length for FIPS use (bits) | 2048 |
| Minimum legacy key length for FIPS use (bits) | 1024 |
| Maximum key length (bits) | 8192 |
| Block size | 0 |
| Digest size | 0 |
| Key types | RSA |
| Algorithms | None |
| Modes | None |
| Flags | PSS |
