CKM_DSA_SHA1_PKCS
This section provides a summary of CKM_DSA_SHA1_PKCS.
Supported operations
Operation | Supported |
---|---|
Encrypt and Decrypt | No |
Sign and Verify | Yes |
SignRecover and VerifyRecover | No |
Digest | No |
Generate Key/Key-Pair | No |
Wrap and Unwrap | No |
Derive | No |
FIPS Mode support
Available in FIPS Mode | Restrictions in FIPS Mode |
---|---|
Yes | When using all firmware versions No signing When using firmware older than 7.03.00 Minimum 2048-bit modulus for all operations |
Key size range (bits) and parameters
Key size minimum/maximum | Value |
---|---|
Minimum | 512 |
FIPS Minimum | 2048 |
Maximum | 3072 |
Parameter
None
Mechanism description
The PKCS#1 DSA signature with SHA-1 mechanism, denoted CKM_DSA_SHA1_PKCS
, performs single and multiple-part digital signature and verification operations without message recovery. The operations performed are as described in PKCS#1 with the object identifier sha1WithDSAEncryption
.
It is similar to the PKCS#11 mechanism CKM_RSA_SHA1_PKCS
except DSA is used instead of RSA. This mechanism has no parameter.
Return to ProtectToolkit-C mechanisms.