IBM 2 Computer Hardware User Manual


 
CCA Release 2.54 Digital_Signature_Generate
rule_array
The rule_array parameter is a pointer to a string variable containing an array of
keywords. The keywords are eight bytes in length, and must be left-justified
and padded on the right with space characters. The rule_array keywords are
shown below:
Keyword     Meaning

Digital-signature-hash formatting method (one, optional)

X9.31       Formats the hash according to the ANSI X9.31 standard and
            generates the digital signature.
PKCS-1.1    Calculates the digital signature on the string supplied in the
            hash variable as specified in the RSA Data Security, Inc.,
            Public Key Cryptography Standards #1 block type 01. The
            RSA PKCS #1 standard refers to this as
            RSASSA-PKCS1-v1_5 when you BER encode the hash as
            described under the second note to the hash parameter. See
            “PKCS #1 Formats” on page D-19.
ISO-9796    Formats the hash according to the ISO 9796-1 standard and
            generates the digital signature. This is the default. See
            “Formatting Hashes and Keys in Public-Key Cryptography” on
            page D-19.
PKCS-1.0    Calculates the digital signature on the string supplied in the
            hash variable as specified in the RSA Data Security, Inc.,
            Public Key Cryptography Standards #1 block type 00. See
            “PKCS #1 Formats” on page D-19.
ZERO-PAD    Places the supplied hash-value in the low-order bit positions
            of a bit-string of the same length as the modulus. Sets all
            non-hash-value bit positions to zero. Ciphers the resulting
            bit-string to obtain the digital signature.

Hashing method specification
When using X9.31 formatting, specify one.

SHA-1       Hash generated using the SHA-1 algorithm.
RPMD-160    Hash generated using the RIPEMD-160 algorithm.

Notes:
1. The hash for PKCS-1.1 and PKCS-1.0 should have been created using
MD5 or SHA-1 algorithms.
2. The hash for ISO-9796 and ZERO-PAD can be obtained by any hashing
method.
3. See “Formatting Hashes and Keys in Public-Key Cryptography” on
page D-19 for a discussion of hash formatting methods.
PKA_private_key_identifier_length
The PKA_private_key_identifier_length parameter is a pointer to an integer
variable containing the number of bytes of data in the
PKA_private_key_identifier variable. The maximum length is 2500 bytes.
PKA_private_key_identifier
The PKA_private_key_identifier parameter is a pointer to a string variable
containing either a key label identifying a key-storage record or retained key, or
an internal public-private key token.
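The following is an added example, not code from the IBM manual, of packing a rule_array as described on this page: each keyword left-justified in eight bytes and padded with spaces, with no terminating NUL, and with the table's combination rules checked before the buffer is handed to the verb. The helper name build_rule_array and its return convention are assumptions, and it accepts only the keywords listed on this page.

```c
#include <string.h>

#define KW_LEN 8   /* every rule_array keyword occupies exactly eight bytes */

/* Keywords taken from the rule_array table on this page. */
static const char *const FORMAT_KW[] = {"X9.31", "PKCS-1.1", "ISO-9796", "PKCS-1.0", "ZERO-PAD"};
static const char *const HASH_KW[]   = {"SHA-1", "RPMD-160"};

static int in_set(const char *kw, const char *const *set, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(kw, set[i]) == 0)
            return 1;
    return 0;
}

/*
 * Hypothetical helper: packs n keywords into out as space-padded 8-byte
 * fields (no NUL terminator). Returns the keyword count, or -1 if a keyword
 * is unknown or too long, the buffer is too small, more than one formatting
 * method is given, or X9.31 is given without exactly one hashing method.
 */
int build_rule_array(const char *const *kws, int n, char *out, size_t out_len)
{
    int formats = 0, hashes = 0, x931 = 0;

    if (n < 0 || (size_t)n * KW_LEN > out_len)
        return -1;
    memset(out, ' ', (size_t)n * KW_LEN);
    for (int i = 0; i < n; i++) {
        size_t len = strlen(kws[i]);
        if (len == 0 || len > KW_LEN)
            return -1;
        if (in_set(kws[i], FORMAT_KW, 5)) {
            formats++;
            x931 |= (strcmp(kws[i], "X9.31") == 0);
        } else if (in_set(kws[i], HASH_KW, 2)) {
            hashes++;
        } else {
            return -1;   /* not a keyword listed on this page */
        }
        memcpy(out + (size_t)i * KW_LEN, kws[i], len);
    }
    if (formats > 1 || hashes > 1 || (x931 && hashes != 1))
        return -1;
    return n;
}
```

An empty rule_array (count 0) is accepted because the formatting method is optional and ISO-9796 is the default.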
Chapter 4. Hashing and Digital Signatures 4-5