Signing and Signature Verification Overview and Algorithm Specifications

After Ukey PIN authentication, an application can use resourceId to perform the signing operation on the corresponding key. This capability is implemented using the three-segment API provided by HUKS. The application only needs to specify the algorithm parameters (including the algorithm type, purpose, padding, and digest).

NOTE

1. HUKS_TAG_KEY_CLASS is used to specify the key managed by the external key management extension.
2. During the signing phase in the three-segment operations, keyAlias must be set to the value of resourceId.
3. The finish phase in the three-segment operations releases resources. If an exception occurs during the operation, abort is used to release the resources.

Specifications

The specifications are related to the implementation of the external hardware key management extension, which vary according to vendors.