Sign data using RSA-PSS.


Computes a digital signature using RSA-PSS on the provided data.

Shell Example

Sign what is in file data using key 0x79c3 and put the resulting signature in sig:

yubihsm> sign pss 0 0x79c3 rsa-pss-sha256 data sig

Protocol Details


Tc = 0x55

Lc = 2 + 1 + 2 + LD

Vc = I || M || S || D

I := Object ID of the Asymmetric Key (2 bytes)

M := Hash Algorithm to use for MGF1

S := Salt len (2 bytes)

D := Hashed data (20, 32, 48 or 64 bytes)

The DSI of EMSA-PSS is as defined in RFC 3447:

DSI := EMSA-PSS-ENCODE(M, emBits, Hash, MGF, sLen).

Where Hash is a supported hash algorithm, MGF is a supported masking function and sLen is the length of the Salt.

The DSI is generated internally and only the Hash of the data and the Salt length are provided.


Tr = 0xd5

Lr = LDS

Vr = DS

DS := Resulting signature