SIGN PSS

Sign data using RSA-PSS.

Description

Computes a digital signature using RSA-PSS on the provided data.

Shell Example

Sign what is in file data using key 0x79c3 and put the resulting signature in sig:

yubihsm> sign pss 0 0x79c3 rsa-pss-sha256 data sig

Protocol Details

Command

Tc = 0x55
Lc = 2 + 1 + 2 + LD
Vc = I || M || S || D

Parameters:

I := Object ID of the Asymmetric Key (2 bytes)

M := Hash Algorithm to use for MGF1

S := Salt len (2 bytes)

D := Hashed data (20, 32, 48 or 64 bytes)

The DSI of EMSA-PSS is as defined in RFC 3447:

DSI := EMSA-PSS-ENCODE(M, emBits, Hash, MGF, sLen).

Hash is a supported hash Algorithm

MGF is a supported masking function

sLen is the length of the Salt

The DSI is generated internally and only the Hash of the data and the Salt length are provided.

Response

Tr = 0xd5
Lr = LDS
Vr = DS

Parameters:

DS := Resulting signature