.png){kind=logo}
The following lists algorithm support for the Plain Signer.
The signer also relies on support for the algorithm in the Crypto Token used. Ensure that the desired algorithm is supported by the configured crypto token.
The following lists supported algorithms that are tested and known to work with a Crypto Token supporting it and therefore the list may not be complete.
Signature Algorithms
|
Support |
Algorithm Name |
Also Known As |
Comment |
|---|---|---|---|
|
|
SHA1withECDSA |
ECDSA using SHA1 |
|
|
|
SHA256withECDSA |
ECDSA using SHA256 |
|
|
|
SHA384withECDSA |
ECDSA using SHA384 |
|
|
|
SHA512withECDSA |
ECDSA using SHA512 |
|
|
|
NONEwithECDSA |
ECDSA |
See Code Signing with Client-side Hashing for what the input should be. |
|
|
Ed25519 |
Pure EdDSA with Edwards25519 |
|
|
|
Ed448 |
Pure EdDSA with Edwards448 |
|
|
|
SHA1withRSA |
RSASSA-PKCS1_v1.5 using SHA1 |
|
|
|
SHA256withRSA |
RSASSA-PKCS1_v1.5 using SHA256 |
|
|
|
SHA384withRSA |
RSASSA-PKCS1_v1.5 using SHA384 |
|
|
|
SHA512withRSA |
RSASSA-PKCS1_v1.5 using SHA512 |
|
|
|
NONEwithRSA |
RSASSA-PKCS1_v1.5 |
See Code Signing with Client-side Hashing since special encoding of the request might be needed unless client-side hashing is specified explicitly in request metadata. |
|
|
SHA1withRSAandMGF1 |
RSASSA-PSS using SHA1 |
|
|
|
SHA256withRSAandMGF1 |
RSASSA-PSS using SHA256 |
|
|
|
SHA384withRSAandMGF1 |
RSASSA-PSS using SHA384 |
|
|
|
SHA512withRSAandMGF1 |
RSASSA-PSS using SHA512 |
|
|
|
NONEwithRSAandMGF1 |
RSASSA-PSS |
See Code Signing with Client-side Hashing since request metadata might be needed with the request. |
|
|
ML-DSA-44 |
Pure ML-DSA-44 |
|
|
|
ML-DSA-65 |
Pure ML-DSA-65 |
|
|
|
ML-DSA-87 |
Pure ML-DSA-87 |
|
|
|
ML-DSA-EXTERNAL-MU |
ML-DSA External μ |
See the ML-DSA External μ section under Code Signing with Client-side Hashing for details. |
|
|
SLH-DSA-SHA2-128F |
Pure SLH-DSA-SHA2-128F |
|
|
|
SLH-DSA-SHA2-128S |
Pure SLH-DSA-SHA2-128S |
|
|
|
SLH-DSA-SHA2-192F |
Pure SLH-DSA-SHA2-192F |
|
|
|
SLH-DSA-SHA2-192S |
Pure SLH-DSA-SHA2-192S |
|
|
|
SLH-DSA-SHA2-256F |
Pure SLH-DSA-SHA2-256F |
|
|
|
SLH-DSA-SHA2-256S |
Pure SLH-DSA-SHA2-256S |
|
|
|
SLH-DSA-SHAKE-128F |
Pure SLH-DSA-SHAKE-128F |
|
|
|
SLH-DSA-SHAKE-128S |
Pure SLH-DSA-SHAKE-128S |
|
|
|
SLH-DSA-SHAKE-192F |
Pure SLH-DSA-SHAKE-192F |
|
|
|
SLH-DSA-SHAKE-192S |
Pure SLH-DSA-SHAKE-192S |
|
|
|
SLH-DSA-SHAKE-256F |
Pure SLH-DSA-SHAKE-256F |
|
|
|
SLH-DSA-SHAKE-256S |
Pure SLH-DSA-SHAKE-256S |
|
Digest Algorithms Supported with Explicit Client-Side Hashing
|
Support |
Algorithm Name |
|---|---|
|
|
SHA1 |
|
|
SHA256 |
|
|
SHA384 |
|
|
SHA512 |
Composite Algorithms
For more information on composite algorithms, see SignServer Composite Certificates.
|
Support |
Signature Algorithm |
|---|---|
|
|
MLDSA44-RSA2048-PSS-SHA256 |
|
|
MLDSA44-ECDSA-P256-SHA256 |
|
|
MLDSA44-Ed25519-SHA512 |
|
|
MLDSA65-RSA3072-PSS-SHA512 |
|
|
MLDSA65-RSA4096-PSS-SHA512 |
|
|
MLDSA65-ECDSA-P256-SHA512 |
|
|
MLDSA65-ECDSA-P384-SHA512 |
|
|
MLDSA65-ECDSA-brainpoolP256r1-SHA512 |
|
|
MLDSA65-Ed25519-SHA512 |
|
|
MLDSA87-RSA3072-PSS-SHA512 |
|
|
MLDSA87-RSA4096-PSS-SHA512 |
|
|
MLDSA87-ECDSA-P384-SHA512 |
|
|
MLDSA87-ECDSA-P521-SHA512 |
|
|
MLDSA87-ECDSA-brainpoolP384r1-SHA512 |
|
|
MLDSA87-Ed448-SHAKE256 |