Usage notes
The usage notes for CSNDDSV.
Notes on formatting the message
- ISO-9796
- The length of the hash must be less than or equal to one-half of the number of bytes required to contain the modulus of the RSA key.
- PKCS-1.0 and PKCS-1.1
- The length of the hash must be 11 bytes shorter than the number of bytes required to contain the
modulus of the RSA key.
When the HASH keyword is specified, the hash must be BER encoded. See Formatting hashes and keys in public-key cryptography for a description of the formatting methods.
- PKCS-PSS
- The first four bytes of the data parameter contain the salt length. The
remaining bytes of the parameter contain the hash or message.
The hash algorithm and salt length should be provided to you with the signature. If not, the recommended salt length is 0 or the byte length of the hash algorithm.
For signature verification, the salt length derived from the signature must be an exact match (keyword EXMATCH, the default) for the salt length specified with the data parameter. When the Digital Signature Verify - PKCS-PSS allow not exact salt length access control is enabled in the domain role, keyword NEXMATCH can be specified to allow signature verification when the salt length derived from the signature is not an exact match for the salt length specified with the data parameter. Salt lengths derived from the signature are not allowed to be less than the value specified with the data parameter.
When the signature verification is done on an accelerator, there is no domain role and no access control points. The check of the salt length will be performed based on the signature check rule keywords.
- X9.31
- There are no restrictions for the hash length or message.
- ZERO-PAD
- The length of the hash must be less than or equal to the number of bytes required to contain the modulus of the RSA key.
- ECDSA
- There are no restrictions for the hash length or message.
- EDDSA and EC-SDSA
- The length of the message must be less than or equal to 8192 bytes.
- CRDL-DSA
- The length of the message must be less than or equal to 5000 bytes with an ML-DSA or CRYSTALS-Dilithium (6,5) private key when on a Crypto
Express7 CCA coprocessor or
less than or equal to 15000 bytes with an ML-DSA or CRYSTALS-Dilithium private key when on a Crypto
Express8 CCA coprocessor.
For pure ML-DSA (X'05') keys, keywords CRDL-DSA, CRDLHASH, and MESSAGE must be provided. For pre-hash ML-DSA (X'07') keys, there are two options:
- You have the hash and you want to verify the signature of the hash:
- Provide both the CRDL-DSA and HASH keywords and also provide the hash method keyword that was used to generate the hash.
- You have the un-hashed message and you want to hash the message and verify the signature of the hash:
- Provide both the CRDL-DSA and MESSAGE keywords and also provide the desired hash method.