Support User Manuals

IBM 2 Computer Hardware User Manual

Open as PDF

of 508

Digital_Signature_Verify CCA Release 2.54

Notes:

1. The hash for PKCS-1.1 and PKCS-1.0 should have been created using

MD5 or SHA-1 algorithms.

2. The hash for ISO-9796 and ZERO-PAD can be obtained by any hashing

method.

PKA_public_key_identifier_length

The PKA_public_key_identifier_length parameter is a pointer to an integer

variable containing the number of bytes of data in the

PKA_public_key_identifier variable. The maximum length is 2500 bytes.

PKA_public_key_identifier

The PKA_public_key_identifier parameter is a pointer to a string variable

containing either a key label identifying a key-storage record or a registered

public-key, or a key token.

hash_length

The hash_length parameter is a pointer to an integer variable containing the

number of bytes of data in the hash variable.

hash

The hash parameter is a pointer to a string variable containing the hash

information to be verified.

Keyword Meaning

Digital-signature-hash formatting method (one, optional, for RSA)

X9.31 Format the hash according to the ANSI X9.31 standard and

compare to the digital signature. See “Formatting Hashes and

Keys in Public-Key Cryptography” on page D-19.

PKCS-1.1 Format the hash as specified in the RSA Data Security, Inc.,

Public Key Cryptography Standards #1 block type 01 and

compare to the digital signature. The RSA PKCS #1 standard

refers to this as RSASSA-PKCS-v1_5 when you BER encode

the hash as described under the second note to the hash

parameter. See “PKCS #1 Formats” on page D-19.

ISO-9796 Format the hash according to the ISO 9796-1 standard and

compare to the digital signature. This is the default. See

“Formatting Hashes and Keys in Public-Key Cryptography” on

page D-19.

PKCS-1.0 Format the hash as specified in the RSA Data Security, Inc.,

Public Key Cryptography Standards #1 block type 00 and

compare to the digital signature. See “PKCS #1 Formats” on

page D-19.

ZERO-PAD The supplied hash value is placed in the low-order bit

positions of a bit-string of the same length as the modulus

with all non-hash-value bit positions set to zero. After

ciphering the supplied digital signature, the result is compared

to the hash-extended bit string.

4-8 IBM 4758 CCA Basic Services, Release 2.54, February 2005

previous next