Algorithm Support
This Crypto Token relies on support for the algorithm in the PKCS#11 standard, the used PKCS#11 driver from the HSM vendor and the supported algorithms in the HSM. A complete list of supported algorithms can thus not be compiled here and the following lists algorithms that are tested and known to work with an HSM supporting it. Also, see the specific SignServer Signer
for algorithms that signers can work with and review signer-specific algorithm support pages.
Signature Algorithms
|
Algorithm Name |
Also Known As |
Comment |
|
SHA1withRSA |
RSASSA-PKCS_v1.5 using SHA1 |
|
|
SHA224withRSA |
RSASSA-PKCS_v1.5 using SHA224 |
|
|
SHA256withRSA |
RSASSA-PKCS_v1.5 using SHA256 |
|
|
SHA384withRSA |
RSASSA-PKCS_v1.5 using SHA384 |
|
|
SHA512withRSA |
RSASSA-PKCS_v1.5 using SHA512 |
|
|
NONEwithRSA |
RSASSA-PKCS_v1.5 |
Depending on the Signer. Generally only supported by Plain Signer. |
|
SHA1withRSAandMGF1 |
RSASSA-PSS using SHA1 |
|
|
SHA224withRSAandMGF1 |
RSASSA-PSS using SHA224 |
|
|
SHA256withRSAandMGF1 |
RSASSA-PSS using SHA256 |
|
|
SHA384withRSAandMGF1 |
RSASSA-PSS using SHA384 |
|
|
SHA512withRSAandMGF1 |
RSASSA-PSS using SHA512 |
|
|
NONEwithRSAandMGF1 |
RSASSA-PSS |
Depending on the Signer. Generally only supported by Plain Signer. |
|
SHA1withECDSA |
ECDSA using SHA1 |
|
|
SHA224withECDSA |
ECDSA using SHA224 |
|
|
SHA256withECDSA |
ECDSA using SHA256 |
|
|
SHA384withECDSA |
ECDSA using SHA384 |
|
|
SHA512withECDSA |
ECDSA using SHA512 |
|
|
NONEwithECDSA |
ECDSA |
Not yet implemented. For details, refer to DSS-2395. |
Key Algorithms
|
Algorithm Name |
Key Specification |
Comment |
|
RSA |
1024 |
Other key lengths are likely also working. |
|
ECDSA |
Named curves:
|
More named curves are likely working. |
|
ECDSA |
Explicit parameters |
A signer can be configured using the EXPLICTECC parameter (see Other Properties) to encode the EC parameters explicitly in the request. This goes for the supported named curves and a named curve is still needed when generating the key-pair. Certificates with explicit parameters can be stored in the token. |
|
AES |
128 |
|
Related Content