CKM_RSA_PKCS_KEY_PAIR_GEN

Supported Operations

Encrypt and Decrypt

No

Sign and Verify

No

SignRecover and VerifyRecover

No

Digest

No

Generate Key/Key-Pair

Yes

Wrap and Unwrap

No

Derive

No

FIPS-approved

Yes*

* All RSA signing operations performed under FIPS mode are carried out only if the specified key has a modulus of 2048 bits or greater. Any attempt to create an RSA key smaller than 2048 bits while running in FIPS mode results in a CKR_KEY_SIZE_RANGE or CKA_TEMPLATE_INCONSISTENT error.

Key Size Range (bytes) and Parameters

Minimum 512
FIPS Minimum 2048
Maximum 4096
Parameter CK_ULONG (optional)

Description

The mechanism denoted CKM_RSA_PKCS_KEY_PAIR_GEN is a Key Pair Generation mechanism to create a new RSA key pair of objects using the method described in PKCS#1. It behaves as described in the PKCS#11 version 2.20 documentation, with the following exception:

This SafeNet ProtectToolkit-C mechanism has an optional parameter of type CK_ULONG which, if provided, will specify the size in bits of the random public exponent.

Return to SafeNet ProtectToolkit-C Mechanisms


Customer Support Portal

SafeNet ProtectToolkit 5.5 Product Documentation  08 January 2020  Copyright 2009-2020 Gemalto. All rights reserved.