Signing and Signature Verification Overview and Algorithm Specifications
To ensure data integrity and non-repudiation, you can use the generated or imported key to perform signing and signature verification.
Supported Algorithms
The following table lists the supported specifications for signing and signature verification.
The key management service specifications include mandatory specifications and optional specifications. Mandatory specifications are algorithm specifications that must be supported. Optional specifications can be used based on actual situation. Before using the optional specifications, refer to the documents provided by the vendor to ensure that the specifications are supported.
You are advised to use mandatory specifications in your development for compatibility purposes.
Specifications for Standard-System Devices
| Algorithm/MD Algorithm/Padding Mode | Description | API Version | Mandatory |
|---|---|---|---|
| RSA/MD5/PKCS1_V1_5 RSA/SHA1/PKCS1_V1_5 RSA/SHA224/PKCS1_V1_5 RSA/SHA224/PSS |
In PSS mode, the salt length can be set to the digest length or maximum length (Maximum length = Key length - Digest length - 2). For details, see HuksRsaPssSaltLenType. | 8+ | No |
| RSA/SHA256/PKCS1_V1_5 RSA/SHA384/PKCS1_V1_5 RSA/SHA512/PKCS1_V1_5 RSA/SHA256/PSS RSA/SHA384/PSS RSA/SHA512/PSS |
In PSS mode, the salt length can be set to the digest length or maximum length (Maximum length = Key length - Digest length - 2). For details, see HuksRsaPssSaltLenType. | 8+ | Yes |
| RSA/NoDigest/PKCS1_V1_5 | TAG HuksKeyDigest.HUKS_DIGEST_NONE must be specified with NoDigest. The service side hashes the plaintext and passes in the hashed data. The length of the hashed data must meet the MD algorithm specifications supported by RSA signing and signature verification. | 9+ | Yes |
| DSA/SHA1 DSA/SHA224 DSA/SHA256 DSA/SHA384 DSA/SHA512 |
- | 8+ | No |
| DSA/NoDigest | TAG HuksKeyDigest.HUKS_DIGEST_NONE must be specified with NoDigest. | 9+ | No |
| ECC/SHA1 ECC/SHA224 |
- | 8+ | No |
| ECC/SHA256 ECC/SHA384 ECC/SHA512 |
The ECC algorithm supports elliptic curve functions P-256, P-384, and P-521. | 8+ | Yes |
| ECC/NoDigest | TAG HuksKeyDigest.HUKS_DIGEST_NONE must be specified with NoDigest. | 9+ | No |
| ED25519/NoDigest | TAG HuksKeyDigest.HUKS_DIGEST_NONE must be specified with NoDigest. | 8+ | Yes |
| SM2/SM3 | - | 9+ | Yes |
Specifications for Mini-System Devices
Before implementing the specifications for mini-system devices, determine whether your device supports the related specifications.
| Algorithm/MD Algorithm/Padding Mode | Description | API Version |
|---|---|---|
| RSA/SHA256/PKCS1_V1_5 | - | 12+ |
| RSA/SHA256/PSS | - | 12+ |
| RSA/SHA1/ISO_IEC_9796_2 | Minimum data length = Key length - 21 bytes | 12+ |