1# Signing and Signature Verification Overview and Algorithm Specifications 2 3<!--Kit: Universal Keystore Kit--> 4<!--Subsystem: Security--> 5<!--Owner: @wutiantian-gitee--> 6<!--Designer: @HighLowWorld--> 7<!--Tester: @wxy1234564846--> 8<!--Adviser: @zengyawen--> 9 10To ensure data integrity and non-repudiation, you can use the generated or imported key to perform signing and signature verification. 11 12## Supported Algorithms 13 14The following table lists the supported specifications for signing and signature verification. 15<!--Del--> 16The key management service specifications include mandatory specifications and optional specifications. Mandatory specifications are algorithm specifications that must be supported. Optional specifications can be used based on actual situation. Before using the optional specifications, refer to the documents provided by the vendor to ensure that the specifications are supported. 17 18**You are advised to use mandatory specifications in your development for compatibility purposes.** 19<!--DelEnd--> 20 21**Specifications****<!--RP3--> for standard devices<!--RP3End-->** 22 23| Algorithm/MD Algorithm/Padding Mode| Description| API Version| <!--DelCol4-->Mandatory| 24| -------- | -------- | -------- | -------- | 25| <!--DelRow-->RSA/MD5/PKCS1_V1_5<br>RSA/SHA1/PKCS1_V1_5<br>RSA/SHA224/PKCS1_V1_5<br>RSA/SHA224/PSS | In PSS mode, the salt length can be set to the digest length or maximum length (Maximum length = Key length - Digest length - 2). For details, see [HuksRsaPssSaltLenType](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksrsapsssaltlentype10).| 8+ | No| 26| RSA/SHA256/PKCS1_V1_5<br>RSA/SHA384/PKCS1_V1_5<br>RSA/SHA512/PKCS1_V1_5<br>RSA/SHA256/PSS<br>RSA/SHA384/PSS<br>RSA/SHA512/PSS | In PSS mode, the salt length can be set to the digest length or maximum length (Maximum length = Key length - Digest length - 2). For details, see [HuksRsaPssSaltLenType](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksrsapsssaltlentype10).| 8+ | Yes| 27| RSA/NoDigest/PKCS1_V1_5 | **TAG HuksKeyDigest.HUKS_DIGEST_NONE** must be specified with **NoDigest**. The service side hashes the plaintext and passes in the hashed data. The length of the hashed data must meet the MD algorithm specifications supported by RSA signing and signature verification.| 9+ | Yes| 28| RSA/NoDigest/NoPadding | **TAG HuksKeyDigest.HUKS_DIGEST_NONE** must be specified with **NoDigest**. The plaintext length must be equal to the key length.| 20+ | Yes| 29| <!--DelRow-->DSA/SHA1<br>DSA/SHA224<br>DSA/SHA256<br>DSA/SHA384<br>DSA/SHA512 | - | 8+ | No| 30| <!--DelRow-->DSA/NoDigest | **TAG HuksKeyDigest.HUKS_DIGEST_NONE** must be specified with **NoDigest**.| 9+ | No| 31| <!--DelRow-->ECC/SHA1<br>ECC/SHA224 | The signature is in the ASN1 format.| 8+ | No| 32| ECC/SHA256<br>ECC/SHA384<br>ECC/SHA512 | The signature is in the ASN1 format.<br>The ECC algorithm supports the following elliptic curve functions: P-256, P-384, and P-521.| 8+ | Yes| 33| <!--DelRow-->ECC/NoDigest | The signature is in the ASN1 format.<br>**TAG HuksKeyDigest.HUKS_DIGEST_NONE** must be specified with **NoDigest**.| 9+ | No| 34| ED25519/NoDigest | **TAG HuksKeyDigest.HUKS_DIGEST_NONE** must be specified with **NoDigest**.| 8+ | Yes| 35| SM2/SM3 | The signature is in the ASN1 format.| 9+ | Yes| 36 37**Specifications****<!--RP4--> for mini-system devices<!--RP4End-->** 38 39<!--Del--> 40Before implementing the specifications for mini-system devices, determine whether your device supports the related specifications. 41<!--DelEnd--> 42 43| Algorithm/MD Algorithm/Padding Mode| Description| API Version| 44| -------- | -------- | -------- | 45| RSA/SHA256/PKCS1_V1_5 | - | 12+ | 46| RSA/SHA256/PSS | - | 12+ | 47| RSA/SHA1/ISO_IEC_9796_2 | Minimum data length = Key length - 21 bytes| 12+ | 48| RSA/NoDigest/NoPadding | **TAG HuksKeyDigest.HUKS_DIGEST_NONE** must be specified with **NoDigest**. The plaintext length must be equal to the key length.| 20+ | 49 50<!--RP1--><!--RP1End--> 51 52<!--RP2--><!--RP2End--> 53