Tags: security, rsa, digital-signature, pkcs#11

What is a "mechanism" in PKCS11?


What does mechanism mean in PKCS11? For example: CKM_RSA_PKCS.

What is the difference between a mechanism (CKM_RSA_PKCS) and a signature algorithm (NoneWithRSA)?


Solution

  • A mechanism is a constant value that describes a cryptographic operation. For example, CKM_RSA_PKCS is defined in the PKCS #11 manual as:

    The PKCS #1 v1.5 RSA mechanism, denoted CKM_RSA_PKCS, is a multi-purpose mechanism based on the RSA public-key cryptosystem and the block formats initially defined in PKCS #1 v1.5. It supports single-part encryption and decryption; single-part signatures and verification with and without message recovery; key wrapping; and key unwrapping. This mechanism corresponds only to the part of PKCS #1 v1.5 that involves RSA; it does not compute a message digest or a DigestInfo encoding as specified for the md2withRSAEncryption and md5withRSAEncryption algorithms in PKCS #1 v1.5.

    Note the "multi-purpose" clause - this single mechanism can be used with encryption/decryption as well as signing/verifying.

    The Java mechanism NoneWithRSA is defined as:

    The RSA signature algorithm which does not use a digesting algorithm (e.g. MD5/SHA1) before performing the RSA operation. For more information about the RSA Signature algorithms, please see PKCS1.

    The Java mechanism is only for signatures.

    From the descriptions, it appears a signature computed with NoneWithRSA in Java would be equivalent to a signature computed in PKCS #11 with CKM_RSA_PKCS.
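The equivalence claimed in the answer can be checked directly. The following is an added example, not code from the question or the answer above: a pure-Python model of what CKM_RSA_PKCS does (EMSA-PKCS1-v1_5 block type 1 padding followed by the private-key operation, with no hashing) next to a SHA256withRSA-style routine that hashes, wraps the digest in a DigestInfo structure and then calls the same padding. The RSA key is a constructed toy built from two Mersenne primes so the script runs offline with only the standard library; it is trivially factorable and exists only so the arithmetic is real. The SHA-256 DigestInfo prefix is the one given in RFC 8017, Section 9.2, Note 1. Function names are my own.

```python
"""CKM_RSA_PKCS (PKCS #11) / NoneWithRSA (Java) versus SHA256withRSA, modelled in pure Python.

Toy key: constructed from two Mersenne primes so it runs with no dependencies.
It is NOT a secure key; it exists only so the padding and modular arithmetic are real.
"""
import hashlib
import secrets

# DigestInfo prefix for SHA-256 (RFC 8017, Section 9.2, Note 1): the DER header
# that SHA256withRSA prepends to the raw 32-byte digest before padding.
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

# Constructed toy RSA key (assumption for this example only).
P = 2**521 - 1                      # Mersenne prime
Q = 2**127 - 1                      # Mersenne prime
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # gcd(E, phi) == 1 for these primes
K = (N.bit_length() + 7) // 8       # modulus length in bytes (81 here)


def emsa_pkcs1_v15_type1(data: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5, block type 1 (signatures): 00 01 FF..FF 00 || data.

    This padding, and nothing else, is what CKM_RSA_PKCS applies before the
    private-key operation. It does not hash and does not build a DigestInfo.
    """
    if len(data) > k - 11:
        raise ValueError("data too long for the RSA modulus")
    return b"\x00\x01" + b"\xff" * (k - len(data) - 3) + b"\x00" + data


def digest_info_sha256(message: bytes) -> bytes:
    """DigestInfo(SHA-256(message)): what a caller must hand to NoneWithRSA
    to obtain a signature that SHA256withRSA verifiers accept."""
    return SHA256_DIGESTINFO + hashlib.sha256(message).digest()


def sign_none_with_rsa(data: bytes) -> bytes:
    """CKM_RSA_PKCS / NoneWithRSA: pad the caller-supplied bytes, then RSA."""
    em = int.from_bytes(emsa_pkcs1_v15_type1(data, K), "big")
    return pow(em, D, N).to_bytes(K, "big")


def sign_sha256_with_rsa(message: bytes) -> bytes:
    """SHA256withRSA: hash, wrap in DigestInfo, then the same padding and RSA."""
    return sign_none_with_rsa(digest_info_sha256(message))


def verify_none_with_rsa(data: bytes, sig: bytes) -> bool:
    """Public-key operation, then compare against a fresh encoding of `data`.
    Comparing whole encodings (rather than parsing the recovered block) avoids
    the lenient-parsing mistakes behind historical PKCS #1 v1.5 forgeries."""
    if len(sig) != K:
        return False
    em = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    return em == emsa_pkcs1_v15_type1(data, K)


def verify_sha256_with_rsa(message: bytes, sig: bytes) -> bool:
    return verify_none_with_rsa(digest_info_sha256(message), sig)


def rsa_pkcs_encrypt(data: bytes) -> bytes:
    """The 'multi-purpose' side of CKM_RSA_PKCS: encryption uses block type 2,
    00 02 <random non-zero bytes> 00 || data, and the public key."""
    if len(data) > K - 11:
        raise ValueError("data too long for the RSA modulus")
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(K - len(data) - 3))
    em = b"\x00\x02" + ps + b"\x00" + data
    return pow(int.from_bytes(em, "big"), E, N).to_bytes(K, "big")


def rsa_pkcs_decrypt(ciphertext: bytes) -> bytes:
    """Private-key operation, then strip the block type 2 padding."""
    em = pow(int.from_bytes(ciphertext, "big"), D, N).to_bytes(K, "big")
    if em[:2] != b"\x00\x02" or b"\x00" not in em[2:]:
        raise ValueError("bad padding")
    return em[em.index(b"\x00", 2) + 1:]


if __name__ == "__main__":
    msg = b"constructed sample message"
    assert sign_sha256_with_rsa(msg) == sign_none_with_rsa(digest_info_sha256(msg))
    # Raw digest without DigestInfo: a valid NoneWithRSA signature, but not a
    # SHA256withRSA signature; interoperating verifiers will reject it.
    raw = sign_none_with_rsa(hashlib.sha256(msg).digest())
    assert not verify_sha256_with_rsa(msg, raw)
    assert rsa_pkcs_decrypt(rsa_pkcs_encrypt(b"wrapped key material")) == b"wrapped key material"
    print("NoneWithRSA over DigestInfo == SHA256withRSA:", True)
```

Two practical notes follow from running this. First, "equivalent" only holds when the NoneWithRSA caller supplies the full DigestInfo encoding; handing it the bare 32-byte hash yields a signature that the same token or a standard SHA256withRSA verifier will reject, which is the usual cause of "signature does not verify" reports when a JCE signature is moved to a PKCS #11 token or back. Second, because one mechanism serves both signing and decryption, a token that exposes CKM_RSA_PKCS decryption on a signing key also exposes a padding oracle surface; the `rsa_pkcs_decrypt` above distinguishes padding failures, which is exactly what a deployed decryptor must not do.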