CKM_RSA_PKCS_KEY_PAIR_GEN
Supported Operations
Encrypt and Decrypt |
No |
Sign and Verify |
No |
SignRecover and VerifyRecover |
No |
Digest |
No |
Generate Key/Key-Pair |
Yes |
Wrap and Unwrap |
No |
Derive |
No |
FIPS-approved |
Yes* |
* All RSA signing operations performed under FIPS mode are carried out only if the specified key has a modulus of 2048 bits or greater. Any attempt to create an RSA key smaller than 2048 bits while running in FIPS mode results in a CKR_KEY_SIZE_RANGE
or CKA_TEMPLATE_INCONSISTENT
error.
Key Size Range (bytes) and Parameters
Minimum | 512 |
FIPS Minimum | 2048 |
Maximum | 4096 |
Parameter | CK_ULONG (optional) |
Description
The mechanism denoted CKM_RSA_PKCS_KEY_PAIR_GEN
is a Key Pair Generation mechanism to create a new RSA key pair of objects using the method described in PKCS#1. It behaves as described in the PKCS#11 version 2.20 documentation, with the following exception:
This SafeNet ProtectToolkit-C mechanism has an optional parameter of type CK_ULONG
which, if provided, will specify the size in bits of the random public exponent.
Return to SafeNet ProtectToolkit-C Mechanisms