LMS Keys - FAQs

1.0 Frequently Asked Questions

1. What are Fortanix's limitations on LMS Key tree size?
   Fortanix LMS implementation is a two-level Hierarchical Signature System (HSS) whose heights are L₁ and L₂ respectively. Where L₁ is the height of the top-level tree and L₂ is the height of the secondary-level tree. The sum of the L₁ tree height and L₂ tree height must not exceed 20. For example, two trees with heights L₁ + L₂ <= 25. Where L₁ and L₂ are multiple of 5.
2. How many signatures can an LMS key perform for the lifetime of the key?
   The "key capacity" is the number of signatures that an LMS key can perform for its lifetime.
   It is equal to 2 ^ (L₁ + L₂).
   For example, a (5,5) key or tree can produce 1024 signatures.
3. What does an LMS signature look like? How would it be verified by an external library?
   See RFC8554 - Section 6.2 and RFC8708 - Section 2.2.
   NOTE

   Since there are two trees (L₁ and L₂), there is only one signed public key. Fortanix also includes the public key. One LMS signature that is needed to define HSS on the next layer is serialized into 1132 + 32 × h bytes.
4. Is there a way to check the number of signing for LMS keys?
   Users need to keep track of the number of signatures that are produced.
5. What RSC are we using for LMS-based certificates?
   Fortanix does not format LMS keys in certificates.
6. Can the Fortanix PKCS#11 library handle verification for signing for external apps?
   PKCS#11 will verify any valid signature within the available PKCS#11 supported mechanisms as long as the input signature is in a format that PKCS#11 understands. LMS is not supported in PKCS#11.
7. What are Fortanix’s stance and best practices for CSR generations?
   Some best practices are:
   
   • Add the CA key inside Fortanix DSM and adequately verify the CSR for authentication before signing.