CKM_RSA_PKCS
NOTE RSA public exponent value e=3 was deprecated, and Luna HSM does not support its use in FIPS 140 configuration. By default, use RSA exponent value 65537 (2^16 + 1) instead, or refer to the FIPS 186-5 Appendix A.1.1 specification for detailed guidance.
See also RSA Mechanism Remap for FIPS Compliance.
Firmware 7.9.2 and Newer Summary
| FIPS approved? | Yes |
| Supported functions | Sign | Verify | Encrypt | Decrypt | Wrap | Unwrap |
| Functions restricted from FIPS use | Cannot wrap | Cannot decrypt | Cannot unwrap | Cannot encrypt | Can verify only if PP45 enabled |
| Minimum key length (bits) | 256 |
| Minimum key length for FIPS use (bits) | 2048 |
| Minimum legacy key length for FIPS use (bits) | 1024 |
| Maximum key length (bits) | 8192 |
| Block size | 0 |
| Digest size | 0 |
| Key types | RSA |
| Algorithms | None |
| Modes | None |
| Flags | None |
NOTE Using Luna USB HSM 7 Firmware 7.9.2 or newer, signature verification is permitted in FIPS approved configuration, as long as partition policy 45: Allow ECDSA/RSA Prehash SigVer is set to 1 on the partition.
Firmware 7.7.3 Summary
| FIPS approved? | Yes |
| Supported functions | Sign | Verify | Encrypt | Decrypt | Wrap | Unwrap |
| Functions restricted from FIPS use | Cannot wrap | Cannot decrypt | Cannot unwrap | Cannot encrypt |
| Minimum key length (bits) | 256 |
| Minimum key length for FIPS use (bits) | 2048 |
| Minimum legacy key length for FIPS use (bits) | 1024 |
| Maximum key length (bits) | 8192 |
| Block size | 0 |
| Digest size | 0 |
| Key types | RSA |
| Algorithms | None |
| Modes | None |
| Flags | None |
NOTE
>Using Luna USB HSM 7 Firmware 7.7.3 and newer, this mechanism is restricted from all wrap/unwrap/encrypt/decrypt operations in FIPS approved configuration. No exceptions are made for decrypt/unwrap operations using larger key sizes. This limited legacy use was permitted under FIPS 140-2; it is no longer approved under FIPS 140-3.
>This mechanism name and RSASSA-PKCS1-v1_5 are referring to the same underlying RSA signature scheme.
Firmware 7.7.2 Summary
| FIPS approved? | Yes |
| Supported functions | Sign | Verify | Encrypt | Decrypt | Wrap | Unwrap |
| Functions restricted from FIPS use | Cannot wrap | Cannot legacy decrypt | Cannot legacy unwrap | Cannot encrypt |
| Minimum key length (bits) | 256 |
| Minimum key length for FIPS use (bits) | 2048 |
| Minimum legacy key length for FIPS use (bits) | 1024 |
| Maximum key length (bits) | 8192 |
| Block size | 0 |
| Digest size | 0 |
| Key types | RSA |
| Algorithms | None |
| Modes | None |
| Flags | None |
NOTE Under Functions restricted from FIPS use, "Cannot legacy decrypt and "Cannot legacy unwrap" means that these operations are restricted with smaller keys (1024-bits, the previous minimum key size for FIPS use), but keys that meet the minimum FIPS size requirement (2048 bits) can still be used for decrypt and unwrap operations.
NOTE To comply with FIPS SP800-131a Rev2 published in March 2019, when the HSM is in FIPS mode, this mechanism is not allowed to wrap objects.
NOTE When the HSM is in FIPS mode, this mechanism cannot be used to sign data using less than 224 bits.
This algorithm must be combined with a FIPS-approved hash algorithm to be FIPS compliant.
