Interoperability with RSA CSPs

This chapter describes the implementation details to which all PROV_RSA_FULL and PROV_RSA_SIG providers must conform. Because the PROV_RSA_SIG provider type is a subset of PROV_RSA_FULL, not all of the material in this chapter is applicable to PROV_RSA_SIG providers.

The information in this chapter is included primarily for use by persons writing their own CSP, but may be of interest to some advanced application developers as well.

This section contains topics in five major areas:

• Supported algorithms. A minimum set of algorithms must be supported by all PROV_RSA_FULL and PROV_RSA_SIG providers.
• Key blob formats. A standard encoding scheme is defined for key blobs. This enables session keys and public keys to be exchanged between CSPs, even if the CSPs come from different vendors.
• Deriving session keys. The procedure whereby session keys are derived from hash values is defined, so that given the same base data, every CSP will be able to generate exactly the same session key from it.
• Hashing session keys. The procedure whereby session keys are hashed is defined, so that given the same session key, every CSP will be able to generate exactly the same hash value from it.
• Digital signature mechanics. The mechanics of digital signatures (as well as the signature format) are defined, so that different CSPs can verify each other's signatures correctly.