1 2 PKCS #11 Cryptographic Token Interface 3 Current Mechanisms Specification Version 4 3.0 5 Working Draft 110 Rev. 2 6 728 May 2019 7 Technical Committee: 8 OASIS PKCS 11 TC 9 Chairs: 10 Robert Relyea ([email protected]), Red Hat 11 Tony Cox ([email protected]), Cryptsoft 12 Editor: 13 Chris Zimman ([email protected]), Individual 14 Dieter Bong ([email protected]), Utimaco 15 Additional artifacts: 16 This prose specification is one component of a Work Product that also includes the following 17 normative computer language definition files for PKCS #11 v3.0 rev01 18 include/pkcs11-v3.0/pkcs11.h 19 include/pkcs11-v3.0/pkcs11t.h 20 include/pkcs11-v3.0/pkcs11f.hThis prose specification is one component of a Work Product that Formatted: List Paragraph, Bulleted + Level: 1 + Aligned at: 21 also includes these computer language files: 0.63 cm + Indent at: 1.27 cm 22 pkcs11-curr-v30.h Formatted: List Paragraph, No bullets or numbering 23 Related work: 24 This specification replaces or supersedes: 25 PKCS #11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40 26 Plus Errata 01. Edited by Susan Gleeson, Chris Zimman, Robert Griffin, Tim Hudson. OASIS 27 Standard. http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/errata01/pkcs11-base-v2.40- 28 errata01-complete.html . 29 This specification is related to: 30 PKCS #11 Cryptographic Token Interface Base Specification Version 3.0 31 <URL> 32 PKCS #11 Cryptographic Token Interface Historical Mechanisms Specification Version 3.0 33 <URL> 34 PKCS #11 Cryptographic Token Interface Profiles Version 3.0 35 <URL>PKCS #11 Cryptographic Token Interface Base Specification Version 3.0. Edited by 36 Chris Zimman, Dieter Bong. Latest version. http://docs.oasis-open.org/pkcs11/pkcs11- 37 base/v2.41/pkcs11-base-v2.41.html. 38 PKCS #11 Cryptographic Token Interface Historical Mechanisms Specification Version 3.0. 39 Edited by Chris Zimman, Dieter Bong. Latest version. http://docs.oasis- 40 open.org/pkcs11/pkcs11-hist/v2.41/pkcs11-hist-v2.41.html. pkcs11-curr-v3.0-wd110-rev2 Working Draft 10 Rev. 21 287 May 2019 Standards Track Draft Copyright © OASIS Open 2019. All Rights Reserved. Page 1 of 278 41 PKCS #11 Cryptographic Token Interface Usage Guide Version 3.0. Edited by John 42 Leiseboer and Robert Griffin. Latest version. http://docs.oasis-open.org/pkcs11/pkcs11- 43 ug/v2.41/pkcs11-ug-v2.41.html. 44 PKCS #11 Cryptographic Token Interface Profiles Version 3.0. Edited by Tim Hudson. Latest 45 version. http://docs.oasis-open.org/pkcs11/pkcs11-profiles/v2.41/pkcs11-profiles-v2.41.html. 46 Abstract: 47 This document defines mechanisms that are anticipated for use with the current version of PKCS 48 #11. 49 Status: 50 This Working Draft (WD) has been produced by one or more TC Members; it has not yet been 51 voted on by the TC or approved as a Committee Draft (Committee Specification Draft or a 52 Committee Note Draft). The OASIS document Approval Process begins officially with a TC vote 53 to approve a WD as a Committee Draft. A TC may approve a Working Draft, revise it, and re- 54 approve it any number of times as a Committee Draft. 55 URI patterns: 56 Initial publication URI: 57 http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.41/csd01/pkcs11-curr-v2.41-csd01.doc 58 Permanent “Latest version” URI: 59 http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.41/pkcs11-curr-v2.41.doc 60 (Managed by OASIS TC Administration; please don’t modify.) 61 62 63 Copyright © OASIS Open 2019. All Rights Reserved. 64 All capitalized terms in the following text have the meanings assigned to them in the OASIS Intellectual 65 Property Rights Policy (the "OASIS IPR Policy"). The full Policy may be found at the OASIS website. 66 This document and translations of it may be copied and furnished to others, and derivative works that 67 comment on or otherwise explain it or assist in its implementation may be prepared, copied, published, 68 and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice 69 and this section are included on all such copies and derivative works. However, this document itself may 70 not be modified in any way, including by removing the copyright notice or references to OASIS, except as 71 needed for the purpose of developing any document or deliverable produced by an OASIS Technical 72 Committee (in which case the rules applicable to copyrights, as set forth in the OASIS IPR Policy, must 73 be followed) or as required to translate it into languages other than English. 74 The limited permissions granted above are perpetual and will not be revoked by OASIS or its successors 75 or assigns. 76 This document and the information contained herein is provided on an "AS IS" basis and OASIS 77 DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY 78 WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY 79 OWNERSHIP RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A 80 PARTICULAR PURPOSE. 81 pkcs11-curr-v3.0-wd110-rev2 Working Draft 10 Rev. 21 287 May 2019 Standards Track Draft Copyright © OASIS Open 2019. All Rights Reserved. Page 2 of 278 82 Table of Contents 83 1 Introduction ................................................................................................................................... 14 84 1.1 Terminology ................................................................................................................................ 14 85 1.2 Definitions ................................................................................................................................... 14 86 1.3 Normative References ................................................................................................................. 15 87 1.4 Non-Normative References ......................................................................................................... 17 88 2 Mechanisms .................................................................................................................................. 20 89 2.1 RSA ............................................................................................................................................ 20 90 2.1.1 Definitions ............................................................................................................................ 21 91 2.1.2 RSA public key objects ......................................................................................................... 22 92 2.1.3 RSA private key objects ........................................................................................................ 23 93 2.1.4 PKCS #1 RSA key pair generation ........................................................................................ 24 94 2.1.5 X9.31 RSA key pair generation ............................................................................................. 25 95 2.1.6 PKCS #1 v1.5 RSA ............................................................................................................... 25 96 2.1.7 PKCS #1 RSA OAEP mechanism parameters ...................................................................... 26 97 2.1.8 PKCS #1 RSA OAEP ........................................................................................................... 28 98 2.1.9 PKCS #1 RSA PSS mechanism parameters ......................................................................... 28 99 2.1.10 PKCS #1 RSA PSS ............................................................................................................ 29 100 2.1.11 ISO/IEC 9796 RSA ............................................................................................................. 29 101 2.1.12 X.509 (raw) RSA................................................................................................................. 30 102 2.1.13 ANSI X9.31 RSA ................................................................................................................ 31 103 2.1.14 PKCS #1 v1.5 RSA signature with MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512, RIPE- 104 MD 128 or RIPE-MD 160 ............................................................................................................... 32 105 2.1.15 PKCS #1 v1.5 RSA signature with SHA-224 ....................................................................... 32 106 2.1.16 PKCS #1 RSA PSS signature with SHA-224 ....................................................................... 32 107 2.1.17 PKCS #1 RSA PSS signature with SHA-1, SHA-256, SHA-384 or SHA-512 ........................ 32 108 2.1.18 PKCS #1 v1.5 RSA signature with SHA3 ............................................................................ 33 109 2.1.19 PKCS #1 RSA PSS signature with SHA3 ............................................................................ 33 110 2.1.20 ANSI X9.31 RSA signature with SHA-1 ............................................................................... 33 111 2.1.21 TPM 1.1b and TPM 1.2 PKCS #1 v1.5 RSA ........................................................................ 34 112 2.1.22 TPM 1.1b and TPM 1.2 PKCS #1 RSA OAEP ..................................................................... 34 113 2.1.23 RSA AES KEY WRAP ........................................................................................................ 35 114 2.1.24 RSA AES KEY WRAP mechanism parameters ................................................................... 36 115 2.1.25 FIPS 186-4 ........................................................................................................................