Toomaaszo

Reputation: 123

PKCS11 Mechanisms difference + JAVA

I'm implementing functions with PKCS11 mechanisms - CKM_RSA_PKCS and CKM_RSA_X_509. I know that both are implemented in the Botan C++ library, but I have to find equivalents in Java. The second problem is: what's the difference between the two?

Upvotes: 2

Views: 1933

Answers (1)

SquareRootOfTwentyThree

Reputation: 7786

CKM_RSA_PKCS refers to the PKCS#1 v1.5 standard (see RFC3447) for RSA encryption and digital signatures. In Java JCE, it is typically the default choice for RSA.

  • For digital signatures, pass "MD5WithRSA", "SHA1WithRSA", etc. to Signature.getInstance().
  • For encryption, pass "RSA/None/PKCS1Padding" to Cipher.getInstance().

CKM_RSA_X_509 refers to the textbook (or raw) RSA algorithm, that is, the one where no padding is defined. In this case, you can simply pass "RSA/None/NoPadding" to Cipher.getInstance(). Signature can be done with decryption, whereas verification can be done with encryption (followed by comparison).

I would avoid implementing and using raw RSA though, unless you have specific use cases in mind. PKCS#1 v1.5 signatures are more secure. For enciphering though, I wouldn't actually recommend using either of them, because they are both insecure. It's better to rely only on PKCS#1 OAEP (CKM_RSA_PKCS_OAEP); for that, you pass "RSA/None/OAEPWithSHA1AndMGF1Padding" to Cipher.getInstance().

Upvotes: 4
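
An added example, not part of the answer above: it runs the three Java equivalents side by side and uses the raw public-key operation to expose the padding block that a PKCS#1 v1.5 signature carries. Assumptions: the stock JDK provider, which spells the mode slot "ECB" (the "None" form in the answer is the one Bouncy Castle accepts), a 2048-bit key, SHA256withRSA rather than the SHA-1 variant, and the class name RsaMechanismDemo, which is hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import javax.crypto.Cipher;

public class RsaMechanismDemo {
    // Transformation names as the stock JDK provider spells them (assumption, see lead-in).
    static final String RAW  = "RSA/ECB/NoPadding";                   // ~ CKM_RSA_X_509
    static final String V15  = "RSA/ECB/PKCS1Padding";                // ~ CKM_RSA_PKCS
    static final String OAEP = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding"; // ~ CKM_RSA_PKCS_OAEP

    static byte[] apply(String transformation, int mode, Key key, byte[] in)
            throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(transformation);
        c.init(mode, key);
        return c.doFinal(in);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        // 1. Encryption: raw RSA has no randomness, so equal plaintexts give equal
        //    ciphertexts; the two padded schemes add random bytes on every call.
        for (String t : new String[] {RAW, V15, OAEP}) {
            byte[] c1 = apply(t, Cipher.ENCRYPT_MODE, kp.getPublic(), msg);
            byte[] c2 = apply(t, Cipher.ENCRYPT_MODE, kp.getPublic(), msg);
            System.out.printf("%-36s identical ciphertexts: %b%n", t, Arrays.equals(c1, c2));
        }

        // 2. Signature: let the provider build a PKCS#1 v1.5 signature.
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(msg);
        byte[] sig = s.sign();

        // Apply the raw public-key operation to the signature. What comes back is the
        // encoded block 00 01 FF..FF 00 || DigestInfo that CKM_RSA_PKCS builds for the
        // caller and that CKM_RSA_X_509 leaves the caller to build and compare.
        byte[] em = apply(RAW, Cipher.ENCRYPT_MODE, kp.getPublic(), sig);
        boolean framed = em[0] == 0x00 && em[1] == 0x01 && em[2] == (byte) 0xFF;
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(msg);
        byte[] tail = Arrays.copyOfRange(em, em.length - digest.length, em.length);
        System.out.println("block starts with 00 01 FF: " + framed);
        System.out.println("block ends with SHA-256(msg): " + Arrays.equals(tail, digest));
    }
}
```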
