CKM_RSA_PKCS

Supported Operations

Encrypt and Decrypt

Yes (Single part operation only)

Sign and Verify

Yes (Single part operation only)

SignRecover and VerifyRecover

Yes

Digest

No

Generate Key/Key-Pair

No

Wrap and Unwrap

Yes

Derive

No

FIPS-approved

Yes*

* All RSA signing operations performed under FIPS mode are carried out only if the specified key has a modulus of 2048 bits or greater. Any attempt to create an RSA key smaller than 2048 bits while running in FIPS mode results in a CKR_KEY_SIZE_RANGE or CKA_TEMPLATE_INCONSISTENT error.

Key Size Range (bytes) and Parameters

Minimum 512
FIPS Minimum 2048
Maximum 4096
Parameter None

Description

For a full description of this mechanism, refer to the PKCS#11 version 2.20 documentation from RSA Laboratories.

Return to SafeNet ProtectToolkit-C Mechanisms