.png){kind=logo}
Keystore Crypto Token Algorithm Support
The following table of supported Key and Signature algorithms assumes the use of the PKCS#12 format, with the Bouncy Castle provider. Support for these algorithms may vary if other key storage formats are used.
Signature Algorithms
Support | Algorithm Name | Also Known As | Comment |
|---|---|---|---|
| SHA1withRSA | RSASSA-PKCS_v1.5 using SHA1 | |
| SHA256withRSA | RSASSA-PKCS_v1.5 using SHA256 | |
| SHA384withRSA | RSASSA-PKCS_v1.5 using SHA384 | |
| SHA512withRSA | RSASSA-PKCS_v1.5 using SHA512 | |
| NONEwithRSA | RSASSA-PKCS_v1.5 | |
| SHA1withRSAandMGF1 | RSASSA-PSS using SHA1 | |
| SHA256withRSAandMGF1 | RSASSA-PSS using SHA256 | |
| SHA384withRSAandMGF1 | RSASSA-PSS using SHA384 | |
| SHA512withRSAandMGF1 | RSASSA-PSS using SHA512 | |
| SHA1withECDSA | ECDSA using SHA1 | |
| SHA256withECDSA | ECDSA using SHA256 | |
| SHA384withECDSA | ECDSA using SHA384 | |
| SHA512withECDSA | ECDSA using SHA512 | |
| NONEwithECDSA | ECDSA | |
| Ed25519 | Pure EdDSA with Edwards25519 | Not supported yet |
| Ed448 | Pure EdDSA with Edwards448 | Not supported yet |
| ML-DSA-44 | Pure ML-DSA-44 |
|
| ML-DSA-65 | Pure ML-DSA-65 |
|
| ML-DSA-87 | Pure ML-DSA-87 |
|
| SLH-DSA-SHA2-128F | Pure SLH-DSA-SHA2-128F | |
| SLH-DSA-SHA2-128S | Pure SLH-DSA-SHA2-128S | |
| SLH-DSA-SHA2-192F | Pure SLH-DSA-SHA2-192F |
|
| SLH-DSA-SHA2-192S | Pure SLH-DSA-SHA2-192S |
|
| SLH-DSA-SHA2-256F | Pure SLH-DSA-SHA2-256F |
|
| SLH-DSA-SHA2-256S | Pure SLH-DSA-SHA2-256S |
|
| SLH-DSA-SHAKE-128F | Pure SLH-DSA-SHAKE-128F |
|
| SLH-DSA-SHAKE-128S | Pure SLH-DSA-SHAKE-128S |
|
| SLH-DSA-SHAKE-192F | Pure SLH-DSA-SHAKE-192F |
|
| SLH-DSA-SHAKE-192S | Pure SLH-DSA-SHAKE-192S |
|
| SLH-DSA-SHAKE-256F | Pure SLH-DSA-SHAKE-256F | |
| SLH-DSA-SHAKE-256S | Pure SLH-DSA-SHAKE-256S |
Key Algorithms
Support | Algorithm Name | Key Specification | Comment |
|---|---|---|---|
| RSA | Just key length:
Key length and public exponent (some examples):
| Other key lengths are likely also working. For RSA it is possible to use a different exponent by suffixing the number with an "exp" followed by the exponent in decimal or prefixed with "0x" for hexadecimal. (see Crypto Token Generate Key Page) The default value for the exponent is 65537. |
| ECDSA | Named curves:
| More named curves are likely working. |
| ECDSA | Explicit parameters | A signer can be configured using the EXPLICTECC parameter (see Other Properties) to encode the EC parameters explicitly in the request. This goes for the supported named curves and a named curve is still needed when generating the key-pair. Certificates with explicit parameters can be stored in the token. |
| EdDSA | Ed25519 | Not supported yet |
| AES | 128 | |
| ML-DSA | ML-DSA-44 ML-DSA-65 ML-DSA-87 |
|
| SLH-DSA | SLH-DSA-SHA2-128F SLH-DSA-SHA2-128S SLH-DSA-SHA2-192F SLH-DSA-SHA2-192S SLH-DSA-SHA2-256F SLH-DSA-SHA2-256S SLH-DSA-SHAKE-128F SLH-DSA-SHAKE-128S SLH-DSA-SHAKE-192F SLH-DSA-SHAKE-192S SLH-DSA-SHAKE-256F SLH-DSA-SHAKE-256S |
Composite Algorithms
For more information on composite algorithms, see SignServer Composite Certificates.
Quantum Safe Algorithm | RSASSA-PSS* | ECDSA* |
|---|---|---|
ML-DSA-44 | 2048** | P-256 |
ML-DSA-65 | 3082**, 4096** | P-256, P-384, brainpool P-256 r1 |
ML-DSA-87 | 3072**, 4096** | P-384, P-521, brainpool P-384 r1 |
* Only one of the classical algorithm can be mixed with the quantum safe algorithm per composite
** Only RSASSA-PSS is supported and not RSASSA-PKCS1_v1.5.
Complete List of Composite Algorithm Support
Support | Signature Algorithm |
|---|---|
| MLDSA44-RSA2048-PSS-SHA256 |
| MLDSA44-ECDSA-P256-SHA256 |
| MLDSA44-Ed25519-SHA512 |
| MLDSA65-RSA3072-PSS-SHA512 |
| MLDSA65-RSA4096-PSS-SHA512 |
| MLDSA65-ECDSA-P256-SHA512 |
| MLDSA65-ECDSA-P384-SHA512 |
| MLDSA65-ECDSA-brainpoolP256r1-SHA512 |
| MLDSA65-Ed25519-SHA512 |
| MLDSA87-RSA3072-PSS-SHA512 |
| MLDSA87-RSA4096-PSS-SHA512 |
| MLDSA87-ECDSA-P384-SHA512 |
| MLDSA87-ECDSA-P521-SHA512 |
| MLDSA87-ECDSA-brainpoolP384r1-SHA512 |
| MLDSA87-Ed448-SHAKE256 |
