CKM_RSA_PKCS

CKM_RSA_PKCS_PSS

NOTE This mechanism name and RSASSA-PSS are referring to the same underlying RSA signature scheme.

Firmware 7.9.0 and Newer Summary

FIPS approved?	Yes
Supported functions	Sign \| Verify
Functions restricted from FIPS use	Can verify only if PP45 enabled
Minimum key length (bits)	256
Minimum key length for FIPS use (bits)	2048
Minimum legacy key length for FIPS use (bits)	1024
Maximum key length (bits)	8192
Block size	0
Digest size	0
Key types	RSA
Algorithms	None
Modes	None
Flags	PSS

NOTE Using Luna HSM Firmware 7.9.0 or newer, signature verification is permitted in FIPS approved configuration, as long as partition policy 45: Allow ECDSA/RSA Prehash SigVer is set to 1 on the partition.

Firmware 7.8.9 and Older Summary

FIPS approved?	Yes
Supported functions	Sign \| Verify
Functions restricted from FIPS use	None
Minimum key length (bits)	256
Minimum key length for FIPS use (bits)	2048
Minimum legacy key length for FIPS use (bits)	1024
Maximum key length (bits)	8192
Block size	0
Digest size	0
Key types	RSA
Algorithms	None
Modes	None
Flags	PSS



	SUPPORT	LEGAL
Luna PCIe HSM 7 Documentation © Copyright 2001-2025, Thales Group Last Updated: 2025-10-28 08:00:29 GMT-05:00	Customer Release Notes Customer Support Portal Support Contacts	End User License Agreement Third Party Software Licenses Document Information