Digital Signature Generate (CSNDDSG)

This verb generates a digital signature from hashed input data using an RSA, ECC, or PQC private key, contained in a PKA key token.

If the input text is a message, it should have been previously hashed using either the One-Way Hash verb or the MDC Generate verb. If the signature formatting algorithm specifies ANSI X9.31, you must specify the hash algorithm used to hash the text (SHA-1 or RPMD-160). See Formatting hashes and keys in public-key cryptography.

You select the method of formatting the text through the rule_array parameter.

If the PKA_private_key_identifier specifies an RSA private key, you select the method of formatting the text through the rule_array parameter. If the PKA_private_key_identifier specifies an ECC private key, the ECC signature generated is according to ANSI X9.30.

Note: For PKCS the message digest and the message-digest algorithm identifier are combined into an ASN.1 value of type DigestInfo, which is BER-encoded to give an octet string D (see Table 1). D is the text string supplied in the hash variable.

This service generates a digital signature using an RSA, ECC, or PQC private key. It supports these methods of signature generation:

  • ANSI X9.62 (ECC using ECDSA: Brainpool, NIST prime, and Koblitz curve secp256k1)
    • Recommended hash methods: SHA-1, SHA-224, SHA-256, SHA-384, or SHA-512.
  • ISO/IEC 14888 Schnorr Digital Signature Algorithm (SDSA), (ECC using keyword EC-SDSA)
    • The hash method for P256 keys is SHA-256.
    • The hash method for P521 keys is SHA-512.
  • Edwards-curve digital signature algorithm (ECC using EDDSA)
    • Required hash method for Ed25519: SHA-512.
    • Required hash method for Ed448: SHAKE-256.
  • ANSI X9.31 (RSA)
  • ISO 9796-1 (RSA)
  • RSA DSI PKCS #1 v1.5 and v2.1 (RSA)
  • Padding on the left with zeros (RSA)
  • ML-DSA, CRYSTALS-Dilithium Digital Signature Algorithm (CRDL-DSA)
    • Required hash methods for ML-DSA, CRYSTALS-Dilithium: SHAKE-256.

The input text can be hashed using the One-Way Hash verb, the MDC Generate verb, or the Digital Signature Generate verb.

  • For CCA keys, when the PKA_private_key_identifier parameter specifies:
    An RSA private key
    Select the method of formatting the text by specifying a Digital signature formatting method rule array keyword.
    An ECC private key
    Select the ECDSA, EDDSA, or EC-SDSA Signature algorithm rule array keyword.

    For the EC-SDSA algorithm, the key is restricted to secp256r1 (P256) and secp521r1 (P521) curves.

    • The hash method for P256 keys is SHA-256.
    • The hash method for P521 keys is SHA-512.
    An ML-DSA or CRYSTALS-Dilithium private key
    Select the CRDL-DSA Signature algorithm rule array keyword.
  • For secure PKCS #11 keys, when the PKA_private_key_identifier parameter specifies:
    An RSA private key
    Select the PKCS-1.1 Digital signature formatting method keyword.
    An ECC private key
    Select the ECDSA or EDDSA Signature algorithm keyword.

If keyword ECDSA is specified in the rule array, the Elliptic Curve Digital Signature algorithm is used as the digital-signature hash formatting method. If keyword EDDSA is specified, the EdDSA algorithm and hashing method appropriate for Edwards curves is used. Otherwise, specify the optional digital-signature hash formatting method keyword in the rule array for the method used to generate the RSA digital signature.

Module-lattice-based digital signature algorithm (ML-DSA) is a method of generating and verifying signatures on messages, which can prove the identity and the integrity of the sender. ML-DSA is an algorithm that is based on hard mathematical problems that involve sets of points that form a regular grid in a high-dimensional space.

The Automated Cryptographic Validation Protocol (ACVP) defines a mechanism to automatically verify the cryptographic implementation of a software or hardware crypto module. ACVP is a network protocol for which the National Institute of Standards and Technology (NIST) provides a server using the protocol which produces test vectors, validates responses and, in the case of successful validation, issues certificates that can be used in support of the Cryptographic Module Validation Program’s (CMVP) FIPS 140-2 conformance validations.

Also refer to the following pages of the NIST:


ACVP
ACVP ML-DSA JSON Specification
Cryptographic Module Validation Program

Notes:

  1. This verb supports PCI-HSM 2016 compliant-tagged key tokens.
  2. The maximum signature length is 1024 bytes (8192 bits).