Keystore Crypto Token Algorithm Support

The following table of supported Key and Signature algorithms assumes the use of the PKCS#12 format, with the Bouncy Castle provider. Support for these algorithms may vary if other key storage formats are used.

Signature Algorithms

Algorithm Name	Also Known As	Comment
SHA1withRSA	RSASSA-PKCS_v1.5 using SHA1
SHA256withRSA	RSASSA-PKCS_v1.5 using SHA256
SHA384withRSA	RSASSA-PKCS_v1.5 using SHA384
SHA512withRSA	RSASSA-PKCS_v1.5 using SHA512
NONEwithRSA	RSASSA-PKCS_v1.5
SHA1withRSAandMGF1	RSASSA-PSS using SHA1
SHA256withRSAandMGF1	RSASSA-PSS using SHA256
SHA384withRSAandMGF1	RSASSA-PSS using SHA384
SHA512withRSAandMGF1	RSASSA-PSS using SHA512
SHA1withECDSA	ECDSA using SHA1
SHA256withECDSA	ECDSA using SHA256
SHA384withECDSA	ECDSA using SHA384
SHA512withECDSA	ECDSA using SHA512
NONEwithECDSA	ECDSA
Ed25519	Pure EdDSA with Edwards25519	Not supported yet
Ed448	Pure EdDSA with Edwards448	Not supported yet
ML-DSA-44	Pure ML-DSA-44
ML-DSA-65	Pure ML-DSA-65
ML-DSA-87	Pure ML-DSA-87
SLH-DSA-SHA2-128F	Pure SLH-DSA-SHA2-128F
SLH-DSA-SHA2-128S	Pure SLH-DSA-SHA2-128S
SLH-DSA-SHA2-192F	Pure SLH-DSA-SHA2-192F
SLH-DSA-SHA2-192S	Pure SLH-DSA-SHA2-192S
SLH-DSA-SHA2-256F	Pure SLH-DSA-SHA2-256F
SLH-DSA-SHA2-256S	Pure SLH-DSA-SHA2-256S
SLH-DSA-SHAKE-128F	Pure SLH-DSA-SHAKE-128F
SLH-DSA-SHAKE-128S	Pure SLH-DSA-SHAKE-128S
SLH-DSA-SHAKE-192F	Pure SLH-DSA-SHAKE-192F
SLH-DSA-SHAKE-192S	Pure SLH-DSA-SHAKE-192S
SLH-DSA-SHAKE-256F	Pure SLH-DSA-SHAKE-256F
SLH-DSA-SHAKE-256S	Pure SLH-DSA-SHAKE-256S

Key Algorithms

Algorithm Name	Key Specification	Comment
RSA	Just key length: 1024 2048 Key length and public exponent (some examples): 2048 exp 65537 2048 exp 5	Other key lengths are likely also working. For RSA it is possible to use a different exponent by suffixing the number with an "exp" followed by the exponent in decimal or prefixed with "0x" for hexadecimal. (see Crypto Token Generate Key Page) The default value for the exponent is 65537.
ECDSA	Named curves: secp256r1 / prime256v1 / P-256 secp384r1 secp521r1	More named curves are likely working.
ECDSA	Explicit parameters	A signer can be configured using the EXPLICTECC parameter (see Other Properties) to encode the EC parameters explicitly in the request. This goes for the supported named curves and a named curve is still needed when generating the key-pair. Certificates with explicit parameters can be stored in the token.
EdDSA	Ed25519 Ed448	Not supported yet
AES	128 256
ML-DSA	ML-DSA-44 ML-DSA-65 ML-DSA-87
SLH-DSA	SLH-DSA-SHA2-128F SLH-DSA-SHA2-128S SLH-DSA-SHA2-192F SLH-DSA-SHA2-192S SLH-DSA-SHA2-256F SLH-DSA-SHA2-256S SLH-DSA-SHAKE-128F SLH-DSA-SHAKE-128S SLH-DSA-SHAKE-192F SLH-DSA-SHAKE-192S SLH-DSA-SHAKE-256F SLH-DSA-SHAKE-256S

Composite Algorithms

For more information on composite algorithms, see SignServer Composite Certificates.

Quantum Safe Algorithm	RSASSA-PSS^*	ECDSA^*
ML-DSA-44	2048^**	P-256
ML-DSA-65	3082^, 4096^	P-256, P-384, brainpool P-256 r1
ML-DSA-87	3072^, 4096^	P-384, P-521, brainpool P-384 r1

^* ^{Only one of the classical algorithm can be mixed with the quantum safe algorithm per composite}
^**^{Only RSASSA-PSS is supported and not RSASSA-PKCS1_v1.5.}

Complete List of Composite Algorithm Support

Support	Signature Algorithm
	MLDSA44-RSA2048-PSS-SHA256
	MLDSA44-ECDSA-P256-SHA256
	MLDSA44-Ed25519-SHA512
	MLDSA65-RSA3072-PSS-SHA512
	MLDSA65-RSA4096-PSS-SHA512
	MLDSA65-ECDSA-P256-SHA512
	MLDSA65-ECDSA-P384-SHA512
	MLDSA65-ECDSA-brainpoolP256r1-SHA512
	MLDSA65-Ed25519-SHA512
	MLDSA87-RSA3072-PSS-SHA512
	MLDSA87-RSA4096-PSS-SHA512
	MLDSA87-ECDSA-P384-SHA512
	MLDSA87-ECDSA-P521-SHA512
	MLDSA87-ECDSA-brainpoolP384r1-SHA512
	MLDSA87-Ed448-SHAKE256