Command: Generate a signature on a message using a secret key.

| Field | Length & Type | Details |
|---|---|---|
| COMMAND MESSAGE | | |
| Message header | m A | (Subsequently returned to the Host unchanged). |
| Command code | 2 A | Value EW. |
| Hash identifier | 2 N | Identifier of the hash algorithm used to hash the message. |
| Signature Identifier | 2 N | Identifier of the signature algorithm used to sign the message. |
| Pad mode identifier | 2 N | Identifier of the pad mode used in signature generation. 01 = PKCS#1 v1.5 method |
| Mask Generation Function | 2 N | 01 = MGF1 as defined in PKCS#1 v2.0 (see Reference 3). Optional, only present if Pad Mode Identifier is 02 (OAEP). |
| MGF Hash Function | 2 N | 01 = SHA-1 |
| OAEP Encoding Parameters Length | 2 N | Optional, only present if Pad Mode Identifier is 02 (OAEP). |
| OAEP Encoding Parameters | n B | Optional, only present if Pad Mode Identifier is 02 (OAEP). If present, this field should be encoded according to Reference 3 section 11.2.1. The HSM does not interpret or validate the contents of this field. If OAEP padding is used, but no Encoding Parameters are provided, then OAEP Parameters Length should be “00”, and this field will be empty. |
| OAEP Encoding Parameters Delimiter | 1 A | Value “;”. Optional, only present if Pad Mode Identifier is 02 (OAEP). |
| Data length | 4 N | Length (in bytes) of the message data to be signed. |
| Message data | n B | Data to be signed. |
| Delimiter | 1 A | Delimiter, indicates the end of the message data field. Value “;”. |
| Secret key flag | 2 N | Flag, indicates the location of the secret key. The number is the index of the stored secret key, except 99 which means use the key supplied in the command. |
| Secret key length | 4 N | Length (in bytes) of the next field (present only if the secret key flag is 99). |
| Secret key | n B | Secret key, encrypted using LMK pair 34-35 (present only if the secret key flag is 99). |
| End message delimiter | 1 C | Optional. Must be present if a message trailer is present. Value X’19. |
| Message trailer | n A | Optional. Maximum length 32 characters. |

| Field | Length & Type | Details |
|---|---|---|
| RESPONSE MESSAGE | | |
| Message header | n A | Returned to the Host unchanged. |
| Response code | 2 A | Value EX. |
| Error code | 2 N | 00 : No error<br>03 : Invalid secret key type<br>04 : Invalid secret key flag<br>05 : Invalid hash identifier<br>06 : Invalid signature identifier<br>07 : Invalid pad mode identifier<br>13 : LMK error; report to supervisor<br>15 : Error in input data<br>47 : DSP error; report to supervisor<br>49 : Secret key error; report to supervisor<br>74 : Invalid digest info syntax (no-hash mode only)<br>76 : Hash length error<br>78 : Secret key length error<br>80 : Message length error<br>85 : Invalid OAEP Mask Generation Function<br>86 : Invalid OAEP MGF Hash Function<br>87 : OAEP Parameter Error<br>88 : OAEP Error |
| Signature length | 4 N | Length (in bytes) of the signature. |
| Signature | n B | Calculated signature. |
| End message delimiter | 1 C | Present only if present in the command message. Value X’19. |
| Message trailer | n A | Present only if present in the command message. Maximum length 32 characters. |
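
A host-side parser for the EX response laid out above, as an added example that is not part of the original page or of any vendor library. It assumes A and N fields are ASCII with decimal digits, that the caller knows the header it sent, and that nothing after a non-zero error code is used; `parse_ex_response`, `HsmResponseError` and the sample bytes are hypothetical names and constructed data.

```python
EM = b"\x19"  # end message delimiter, X'19
ERRORS = {  # error codes as listed in the response table
    "00": "No error", "03": "Invalid secret key type",
    "04": "Invalid secret key flag", "05": "Invalid hash identifier",
    "06": "Invalid signature identifier", "07": "Invalid pad mode identifier",
    "13": "LMK error", "15": "Error in input data", "47": "DSP error",
    "49": "Secret key error", "74": "Invalid digest info syntax",
    "76": "Hash length error", "78": "Secret key length error",
    "80": "Message length error", "85": "Invalid OAEP Mask Generation Function",
    "86": "Invalid OAEP MGF Hash Function", "87": "OAEP Parameter Error",
    "88": "OAEP Error",
}

class HsmResponseError(ValueError):
    """Raised when a response does not match the EX layout."""

def parse_ex_response(raw: bytes, sent_header: bytes) -> dict:
    # The header must come back unchanged; a mismatch means the reply
    # does not belong to this request.
    n = len(sent_header)
    if raw[:n] != sent_header:
        raise HsmResponseError("message header was not echoed unchanged")
    body = raw[n:]
    if body[:2] != b"EX":
        raise HsmResponseError("unexpected response code")
    code = body[2:4]
    if len(code) != 2 or not code.isdigit():
        raise HsmResponseError("malformed error code")
    code = code.decode("ascii")
    out = {"error_code": code, "error": ERRORS.get(code, "Unknown error code"),
           "signature": None, "trailer": None}
    if code != "00":
        return out  # assumption: nothing after the error code is trusted
    length = body[4:8]
    if len(length) != 4 or not length.isdigit():
        raise HsmResponseError("malformed signature length")
    end = 8 + int(length)
    if len(body) < end:
        raise HsmResponseError("signature shorter than declared length")
    # Slice by the declared length: signature bytes may themselves contain 0x19.
    out["signature"], rest = body[8:end], body[end:]
    if rest:  # optional X'19 delimiter plus trailer of at most 32 characters
        if rest[:1] != EM or len(rest) - 1 > 32:
            raise HsmResponseError("bad end delimiter or trailer too long")
        out["trailer"] = rest[1:]
    return out

# Constructed sample: header "0001", 4-byte dummy signature, trailer "T1".
SAMPLE = b"0001" + b"EX" + b"00" + b"0004" + b"\xde\xad\xbe\xef" + EM + b"T1"
```
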