SIGN PKCS1 Command

Sign with RSA-PKCS#1v1.5.

Description

Computes a digital signature using RSA-PKCS1v1.5 on the provided data.

Shell Example

Sign the data in the file test using rsa-pkcs1-sha256:

yubihsm> sign pkcs1v1_5 0 0x1e15 rsa-pkcs1-sha256 test
   eu9HQceSs0zsUogVloovRRcDGtkBj5AIp2Nnk6LWT4KbQZX8ac+vmFtVotjDIF9PkQ9MA8K
   sfUGvXAxpnvUyin3BjGvzENu5XRi+ZOGP4m8777zbDi1v7FKQSx8/KdZf4tulIsL4rM4M+uH
   /QoQ83vWty4c63QjcSlZJQDsdHn9r3E5or3QgBo06yK2Rd8W3WYGloSPvDaGu7L87CDFy
   MniAQB//Sw7bYr4hbVpKIWi6q4VPhBKdaB6+FzTmYrqsSv1vwek0V4LbvyelTHlh9PpFuSF
   ZeGJ/i1gkIeSO2XlKNLa4+AO+H+TYUOP3b6Qlhs3f7e4AFFWKE6lPpDHJA==

Protocol Details

Command

Tc = 0x047
Lc = 2 + LD
Vc = I || D

Parameters:

I := Object ID of the Asymmetric Key (2 bytes)

D := Digest

The Digest can be either a raw hash of data, where DigestInfo will be applied in the device, or DigestInfo + hash. Hashes supported are SHA-1, SHA-256, SHA-384 and SHA-512.

Response

Tr = 0xc7
Lr = LDS
Vr = DS

Parameters:

DS := Resulting signature