IBM 2 Computer Hardware User Manual


 
CCA Release 2.54 Digital_Signature_Verify
Notes:
1. For ISO-9796, the information identified by the hash parameter must be
less than or equal to one-half of the number of bytes required to contain
the modulus of the RSA key. Although ISO 9796-1 allows messages of
arbitrary bit length up to one-half of the modulus length, this verb requires
the input text to be a byte multiple up to the correct maximum length.
2. For PKCS-1.0 or PKCS-1.1, the information identified by the hash
parameter must be 11 bytes shorter than the number of bytes required to
contain the modulus of the RSA key, and should be the ANS.1 BER
encoding of the hash value.
You can create the BER encoding of an MD5 or SHA-1 value by
prepending these strings to the 16-byte or 20-byte hash values,
respectively:
MD5 X'3020300C 06082A86 4886F70D 02050500 0410'
SHA-1 X'30213009 06052B0E 03021A05 000414'
3. For ZERO-PAD, the information identified by the hash parameter must be
less than or equal to the number of bytes required to contain the modulus
of the RSA key.
signature_field_length
The signature_field_length parameter is a pointer to an integer variable
containing the number of bytes of data in the signature_field variable.
signature_field
The signature_field parameter is a pointer to a string variable containing the
digital signature. The digital signature bit-field is in the low-order bits of the
byte string containing the digital signature.
Required Commands
The Digital_Signature_Verify verb requires the Digital Signature Verify command
(offset X'0101') to be enabled in the hardware.
Chapter 4. Hashing and Digital Signatures 4-9