Signature/Verification Introduction and Algorithm Specifications
Note:
Currently in the beta phase.
To achieve data integrity protection and non-repudiation, generated/imported keys can be used to perform signature/verification operations on data.
Supported Algorithms
The following are the specifications supported for key signature/verification.
For OpenHarmony vendor adaptation, the Key Management Service specifications are divided into mandatory and optional specifications. Mandatory specifications are algorithm specifications that all vendors must support. For optional specifications, vendors will decide whether to implement them based on actual circumstances. If you need to use them, please refer to the specific vendor's documentation to ensure compatibility before use.
It is recommended that developers use mandatory specifications for application development to ensure full platform compatibility.
Standard Device Specifications
| Algorithm/Digest Algorithm/Padding Mode | Remarks | API Level | Mandatory Specification |
|---|---|---|---|
| RSA/MD5/PKCS1_V1_5 RSA/SHA1/PKCS1_V1_5 RSA/SHA224/PKCS1_V1_5 RSA/SHA224/PSS |
For PSS mode, the salt length can be set to the digest length or the maximum length (maximum length = key length - digest length - 2). For corresponding enumeration values, refer to HuksRsaPssSaltLenType. | 15+ | No |
| RSA/SHA256/PKCS1_V1_5 RSA/SHA384/PKCS1_V1_5 RSA/SHA512/PKCS1_V1_5 RSA/SHA256/PSS RSA/SHA384/PSS RSA/SHA512/PSS |
For PSS mode, the salt length can be set to the digest length or the maximum length (maximum length = key length - digest length - 2). For corresponding enumeration values, refer to HuksRsaPssSaltLenType. | 15+ | Yes |
| RSA/NoDigest/PKCS1_V1_5 | NoDigest requires specifying the TAG HuksKeyDigest.HUKS_DIGEST_NONE. The service must hash the plaintext and pass the hashed data, which must meet the digest algorithm specifications supported by RSA signature/verification. | 15+ | Yes |
| DSA/SHA1 DSA/SHA224 DSA/SHA256 DSA/SHA384 DSA/SHA512 |
- | 15+ | No |
| DSA/NoDigest | NoDigest requires specifying the TAG HuksKeyDigest.HUKS_DIGEST_NONE. | 15+ | No |
| ECC/SHA1 ECC/SHA224 |
The signature is in ASN1 format. | 15+ | No |
| ECC/SHA256 ECC/SHA384 ECC/SHA512 |
The signature is in ASN1 format. The elliptic curve functions supported by the ECC algorithm include: P-256, P-384, P-521. |
15+ | Yes |
| ECC/NoDigest | The signature is in ASN1 format. NoDigest requires specifying the TAG HuksKeyDigest.HUKS_DIGEST_NONE. |
15+ | No |
| ED25519/NoDigest | NoDigest requires specifying the TAG HuksKeyDigest.HUKS_DIGEST_NONE. | 15+ | Yes |
| SM2/SM3 | The signature is in ASN1 format. | 15+ | Yes |
Lightweight Device Specifications
For the specifications listed for lightweight devices, OEM vendors will decide whether to implement them based on actual circumstances. If you need to use them, please refer to the specific vendor's documentation to ensure compatibility before use.
| Algorithm/Digest Algorithm/Padding Mode | Remarks | API Level |
|---|---|---|
| RSA/SHA256/PKCS1_V1_5 | - | 15+ |
| RSA/SHA256/PSS | - | 15+ |
| RSA/SHA1/ISO_IEC_9796_2 | Minimum data length = key length - 21 bytes | 15+ |