SIGN PSS

Sign data using RSA-PSS.

Description

Computes a digital signature using RSA-PSS on the provided data.

Shell Example

Sign what is in file data using key 0x79c3 and put the resulting signature in sig:

yubihsm> sign pss 0 0x79c3 rsa-pss-sha256 data sig

Protocol Details

Command

Tc = 0x55

Lc = 2 + 1 + 2 + LD

Vc = I || M || S || D

I := Object ID of the Asymmetric Key (2 bytes)

M := Hash Algorithm to use for MGF1

S := Salt len (2 bytes)

D := H (2 + L bytes, where L is the length of the hashed data)

The DSI of EMSA-PSS is as defined in RFC 3447:

DSI := EMSA-PSS-ENCODE(M, emBits, Hash, MGF, sLen).

Where Hash is a supported hash algorithm, MGF is a supported masking function and sLen is the length of the Salt.

The DSI is generated internally and only the Hash of the data and the Salt length are provided.

Response

Tr = 0xd5

Lr = LDS

Vr = DS

DS := Resulting signature