OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11 message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [pkcs11] Proposal: CKM_RSA_PKCS_FIPS_186_4

I'm not sure I agree with this one. 

A better way to deal with this is to set the ulMinKeySize parameter of the CK_MECHANISM_INFO for CKM_RSA_PKCS to 1024 and to note - in the product guidance - that 1024, 2048 and 3072 are the only valid lengths when you're in FIPS mode.   

The way I look at it is the client has to know whether or not the module is FIPS or not, and if it is, it's going to expect an error if it attempts to use the underlying mechanism for different values.

Mike


On 7/31/2013 5:09 PM, Oscar K So Jr. wrote:
Proposal: CKM_RSA_PKCS_FIPS_186_4

FIPS-183-4 algorithms:
http://www.ofr.gov/OFRUpload/OFRData/2013-17396_PI.pdf

This mechanism is equivalent to: CKM_RSA_PKCS 





---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that 
generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]