CKM_SHA256_RSA_PKCS_PSS
This section provides a summary of CKM_SHA256_RSA_PKCS_PSS.
Supported operations
Operation | Supported |
---|---|
Encrypt and Decrypt | No |
Sign and Verify | Yes |
SignRecover and VerifyRecover | No |
Digest | No |
Generate Key/Key-Pair | No |
Wrap and Unwrap | No |
Derive | No |
FIPS Mode support
Available in FIPS Mode | Restrictions in FIPS Mode |
---|---|
Yes | When using all firmware versions Minimum 2048-bit modulus for signing. When using 7.03.00 or newer When specifying the length of the salt in bytes with sLen in CK_RSA_PKCS_PSS_PARAMS, the value of sLen must be 0 ≤ sLen ≤ hLen, where hLen is the length of the hash function output block in bytes. |
Key size range (bits) and parameters
Key size minimum/maximum | Value |
---|---|
Minimum | 512 |
FIPS Minimum | 2048 |
Maximum | 4096 |
Parameter
CK_RSA_PKCS_PSS_PARAMS
Mechanism description
For a full description of this mechanism, refer to the PKCS#11 version 2.20 documentation from RSA Laboratories.
Return to ProtectToolkit-C mechanisms.