CKM_ECDSA
Firmware 7.9.2 and Newer Summary
| FIPS approved? | Yes |
| Supported functions | Sign | Verify |
| Functions restricted from FIPS use | Can verify only if PP45 enabled |
| Minimum key length (bits) | 105 |
| Minimum key length for FIPS use (bits) | 224 |
| Minimum legacy key length for FIPS use (bits) | 160 |
| Maximum key length (bits) | 571 |
| Block size | 0 |
| Digest size | 0 |
| Key types | ECDSA | BIP32 |
| Algorithms | ECDSA |
| Modes | None |
| Flags | FIPS-approved curves only |
NOTE Using Luna USB HSM 7 Firmware 7.9.2 or newer, signature verification is permitted in FIPS approved configuration, as long as partition policy 45: Allow ECDSA/RSA Prehash SigVer is set to 1 on the partition.
Firmware 7.7.3 Summary
| FIPS approved? | Yes |
| Supported functions | Sign | Verify |
| Functions restricted from FIPS use | None |
| Minimum key length (bits) | 105 |
| Minimum key length for FIPS use (bits) | 224 |
| Minimum legacy key length for FIPS use (bits) | 160 |
| Maximum key length (bits) | 571 |
| Block size | 0 |
| Digest size | 0 |
| Key types | ECDSA | BIP32 |
| Algorithms | ECDSA |
| Modes | None |
| Flags | FIPS-approved curves only |
NOTE Using Luna USB HSM 7 Firmware 7.7.3 or newer, this mechanism now verifies that the specified EC curve is FIPS-approved, and rejects operations that specify non-approved curves.
See [Allowed Elliptic Curves] and scroll down to Allowed Elliptic Curves.
Firmware 7.7.2 Summary
| FIPS approved? | Yes |
| Supported functions | Sign | Verify |
| Functions restricted from FIPS use | None |
| Minimum key length (bits) | 105 |
| Minimum key length for FIPS use (bits) | 224 |
| Minimum legacy key length for FIPS use (bits) | 160 |
| Maximum key length (bits) | 571 |
| Block size | 0 |
| Digest size | 0 |
| Key types | ECDSA | BIP32 |
| Algorithms | ECDSA |
| Modes | None |
| Flags | None |
