# Signing and Signature Verification Overview and Algorithm Specifications

A digital signature can be used to verify that data came from the stated sender and has not been changed.

This topic describes the supported algorithms and specifications for signing and signature verification.

> **NOTE**
>
> Currently, the C/C++ APIs support signature verification but not signing.

## RSA

The Crypto framework supports the following padding modes for RSA signing and signature verification:

- [PKCS1](#pkcs1): RSAES-PKCS1-V1_5 mode in RFC 3447, corresponding to RSA_PKCS1_PADDING in OpenSSL.

  When this padding mode is used, the message digest (**md**) must be set, and the length of the MD must be less than that of the RSA modulus **n**, in bytes.

- [PSS](#pss): RSASSA-PSS mode in RFC 3447, corresponding to RSA_PKCS1_PSS_PADDING in OpenSSL.

  If this padding mode is used, two message digests (**md** and **mgf1_md**) must be set, and the total length of **md** and **mgf1_md** must be less than the length of the RSA key modulus.

  You can also set the salt length (**saltLen**) and obtain the PSS-related parameters.

  | PSS-related Parameter | Description |
  | -------- | -------- |
  | md | MD algorithm. |
  | mgf | Mask generation function. Currently, only MGF1 is supported. |
  | mgf1_md | MD algorithm used in MGF1. |
  | saltLen | Salt length, in bytes. |
  | trailer_field | Integer used for encoding. The value can only be **1**. |

> **NOTE**
>
> Generating an RSA2048, RSA3072, RSA4096, or RSA8192 asymmetric key pair, or processing plaintext longer than 2048 bits, takes time. Since the execution of the main thread has a time limit, the operation may fail if you use a synchronous API. You are advised to use asynchronous APIs or use [multithread concurrent tasks](../../arkts-utils/multi-thread-concurrency-overview.md) to generate a key of a large size.

### PKCS1

When creating an RSA asymmetric signing (**Sign**) or signature verification (**Verify**) instance, you need to specify the algorithm specifications in a string parameter. The string parameter consists of the asymmetric key type, padding mode PKCS1, and MD algorithm, separated by vertical bars (|).

In the following table, the options included in the square brackets ([]) are mutually exclusive. You can use only one of them in a string parameter. For example, if the asymmetric key type is **RSA512**, the padding mode is **PKCS1**, and the MD algorithm is **MD5**, the string parameter is **RSA512|PKCS1|MD5**.

> **NOTE**
>
> In RSA signing and signature verification, the MD length must be less than the length of the RSA modulus (**n**). For example, if the RSA key is 512 bits, SHA512 cannot be used.

| Asymmetric Key Type | Padding Mode | MD Algorithm | API Version |
| -------- | -------- | -------- | -------- |
| RSA512 | PKCS1 | [MD5\|SHA1\|SHA224\|SHA256] | 9+ |
| RSA768 | PKCS1 | [MD5\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | 9+ |
| RSA1024 | PKCS1 | [MD5\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | 9+ |
| RSA2048 | PKCS1 | [MD5\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | 9+ |
| RSA3072 | PKCS1 | [MD5\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | 9+ |
| RSA4096 | PKCS1 | [MD5\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | 9+ |
| RSA8192 | PKCS1 | [MD5\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | 9+ |
| RSA | PKCS1 | MD algorithm that meets the length requirements | 10+ |

As indicated by the last row in the preceding table, you can specify the RSA key type without the key length to ensure compatibility with the key generated based on the key parameter. In this case, the signing or signature verification operation varies depending on the actual key length.

### PSS

When creating an RSA asymmetric signing (**Sign**) or signature verification (**Verify**) instance, you need to specify the algorithm specifications in a string parameter. The string parameter consists of the asymmetric key type, padding mode PSS, MD, and mask digest, separated by vertical bars (|).

In the following table, the options included in the square brackets ([]) are mutually exclusive. You can use only one of them in a string parameter. For example, if the asymmetric key type is **RSA2048**, the padding mode is **PSS**, the MD algorithm is **SHA256**, and the mask digest is **MGF1_SHA256**, the string parameter is **RSA2048|PSS|SHA256|MGF1\_SHA256**.

> **NOTE**
>
> If PSS padding mode is used in RSA signing or signature verification, the total length of **md** and **mgf1_md** must be less than the length of the RSA modulus. For example, if the RSA key is 512 bits, **md** and **mgf1_md** cannot be **SHA256** at the same time.

| Asymmetric Key Type | Padding Mode | MD | Mask Digest | API Version |
| -------- | -------- | -------- | -------- | -------- |
| RSA512 | PSS | MD5 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256] | 9+ |
| RSA512 | PSS | SHA1 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256] | 9+ |
| RSA512 | PSS | SHA224 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256] | 9+ |
| RSA512 | PSS | SHA256 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224] | 9+ |
| RSA768 | PSS | MD5 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512] | 9+ |
| RSA768 | PSS | SHA1 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512] | 9+ |
| RSA768 | PSS | SHA224 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512] | 9+ |
| RSA768 | PSS | SHA256 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384] | 9+ |
| RSA768 | PSS | SHA384 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256] | 9+ |
| RSA768 | PSS | SHA512 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224] | 9+ |
| RSA1024 | PSS | MD5 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512] | 9+ |
| RSA1024 | PSS | SHA1 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512] | 9+ |
| RSA1024 | PSS | SHA224 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512] | 9+ |
| RSA1024 | PSS | SHA256 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512] | 9+ |
| RSA1024 | PSS | SHA384 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512] | 9+ |
| RSA1024 | PSS | SHA512 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384] | 9+ |
| RSA2048 | PSS | MD5 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512] | 9+ |
| RSA2048 | PSS | SHA1 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512] | 9+ |
| RSA2048 | PSS | SHA224 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512] | 9+ |
| RSA2048 | PSS | SHA256 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512] | 9+ |
| RSA2048 | PSS | SHA384 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512] | 9+ |
| RSA2048 | PSS | SHA512 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512] | 9+ |
| RSA3072 | PSS | MD5 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512] | 9+ |
| RSA3072 | PSS | SHA1 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512] | 9+ |
| RSA3072 | PSS | SHA224 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512] | 9+ |
| RSA3072 | PSS | SHA256 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512] | 9+ |
| RSA3072 | PSS | SHA384 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512] | 9+ |
| RSA3072 | PSS | SHA512 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512] | 9+ |
| RSA4096 | PSS | MD5 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512] | 9+ |
| RSA4096 | PSS | SHA1 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512] | 9+ |
| RSA4096 | PSS | SHA224 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512] | 9+ |
| RSA4096 | PSS | SHA256 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512] | 9+ |
| RSA4096 | PSS | SHA384 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512] | 9+ |
| RSA4096 | PSS | SHA512 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512] | 9+ |
| RSA8192 | PSS | MD5 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512] | 9+ |
| RSA8192 | PSS | SHA1 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512] | 9+ |
| RSA8192 | PSS | SHA224 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512] | 9+ |
| RSA8192 | PSS | SHA256 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512] | 9+ |
| RSA8192 | PSS | SHA384 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512] | 9+ |
| RSA8192 | PSS | SHA512 | [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512] | 9+ |
| RSA | PSS | MD algorithm that meets the length requirements | MGF1_ plus an MD algorithm that meets the length requirements | 10+ |

As indicated by the last row in the preceding table, you can specify the RSA key type without the key length to ensure compatibility with the key generated based on the key parameter. In this case, the signing or signature verification operation varies depending on the actual key length.
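
The length rules behind the PKCS1 and PSS tables, as an added example in plain TypeScript (not Crypto framework code; `checkRsaSignSpec` and its tables are names made up here). For PKCS1 it applies the RFC 3447 encoding bound, DigestInfo plus 11 bytes of padding must fit in the modulus, which is why RSA512 stops at SHA256 in the table; the weak-parameter warnings are a review policy assumed for the example, not a rule from this page.

```typescript
// Added example: checks an RSA Sign/Verify spec string against this page's tables.
// hLen = digest size in bytes; prefixLen = DER DigestInfo header size (RFC 3447 / RFC 8017, 9.2).
interface Digest { name: string; hLen: number; prefixLen: number }
const DIGESTS: Digest[] = [
  { name: "MD5", hLen: 16, prefixLen: 18 },
  { name: "SHA1", hLen: 20, prefixLen: 15 },
  { name: "SHA224", hLen: 28, prefixLen: 19 },
  { name: "SHA256", hLen: 32, prefixLen: 19 },
  { name: "SHA384", hLen: 48, prefixLen: 19 },
  { name: "SHA512", hLen: 64, prefixLen: 19 },
];
const RSA_BITS = [512, 768, 1024, 2048, 3072, 4096, 8192];

interface SpecCheck { ok: boolean; errors: string[]; warnings: string[] }

function findDigest(name: string): Digest | undefined {
  for (const d of DIGESTS) {
    if (d.name === name) return d;
  }
  return undefined;
}

function checkRsaSignSpec(spec: string): SpecCheck {
  const errors: string[] = [];
  const warnings: string[] = [];
  const result = (): SpecCheck => ({ ok: errors.length === 0, errors, warnings });
  const parts = spec.split("|");
  const [keyType = "", padding = "", mdName = "", mgfName = ""] = parts;

  const keyMatch = /^RSA(\d+)$/.exec(keyType);
  const bits = keyMatch ? parseInt(keyMatch[1] || "0", 10) : 0;
  if (RSA_BITS.indexOf(bits) < 0) {
    errors.push("key type must be RSA<bits> with a listed size; bare RSA needs the real key length");
    return result();
  }
  const md = findDigest(mdName);
  if (!md) {
    errors.push("unknown MD algorithm: " + mdName);
    return result();
  }
  const k = bits / 8; // modulus length in bytes

  if (padding === "PKCS1" && parts.length === 3) {
    // EMSA-PKCS1-v1_5: DigestInfo (prefix + digest) plus at least 11 padding bytes.
    if (k < md.prefixLen + md.hLen + 11) {
      errors.push(mdName + " does not fit PKCS1 padding for " + keyType);
    }
  } else if (padding === "PSS" && parts.length === 4) {
    const mgfMatch = /^MGF1_(.+)$/.exec(mgfName);
    const mgfMd = mgfMatch ? findDigest(mgfMatch[1] || "") : undefined;
    if (!mgfMd) {
      errors.push("mask digest must be MGF1_<MD>");
    } else if (md.hLen + mgfMd.hLen >= k) {
      // Page rule: md + mgf1_md must be less than the modulus length.
      errors.push(mdName + " + " + mgfName + " is too long for " + keyType);
    }
  } else {
    errors.push("expected RSA<bits>|PKCS1|<MD> or RSA<bits>|PSS|<MD>|MGF1_<MD>");
  }

  // Assumed review policy for this example, not a rule from the page.
  if (bits < 2048) warnings.push(keyType + " is below 2048 bits");
  if (mdName === "MD5" || mdName === "SHA1") warnings.push(mdName + " is not collision resistant");
  return result();
}
```

Running it over each table row reproduces the listed combinations, for example `RSA768|PSS|SHA512|MGF1_SHA224` passes and `RSA768|PSS|SHA512|MGF1_SHA256` does not.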

### Getting and Setting of PSS Parameters

The following table lists the parameters that can be set or obtained when the PSS mode is used. The symbol "√" indicates that the parameter can be obtained or set.

| PSS Parameter | Value | Get | Set |
| -------- | -------- | -------- | -------- |
| md | PSS_MD_NAME_STR | √ | - |
| mgf | PSS_MGF_NAME_STR | √ | - |
| mgf1_md | PSS_MGF1_MD_STR | √ | - |
| saltLen | PSS_SALT_LEN_NUM | √ | √ |
| trailer_field | PSS_TRAILER_FIELD_NUM | √ | - |

### Signing Mode OnlySign

The Crypto framework provides RSA signing without MD.

When creating an RSA asymmetric signing (**Sign**) instance, you need to specify the signing specifications in a string parameter. The string parameter consists of the asymmetric key type, padding mode, MD algorithm, and signing mode, separated by vertical bars (|).

In the following table, the options included in the square brackets ([]) are mutually exclusive. You can use only one of them in a string parameter. For example, if the asymmetric key type is **RSA2048**, the padding mode is **PKCS1**, the MD algorithm is **SHA256**, and the signing mode is **OnlySign**, the string parameter is **RSA2048|PKCS1|SHA256|OnlySign**.

> **NOTE**
>
> When RSA is used for signing only, the length of the data to be signed must meet the following requirements:
>
> 1. If the padding mode is **PKCS1** and no MD algorithm is set (**NoHash**), the data must be less than the RSA key length minus 11 (PKCS #1 padding length).
> 2. If the padding mode is **PKCS1** and an MD algorithm is set, the data to be signed must be the MD data.
> 3. If the padding mode is **NoPadding** and no MD algorithm is set (**NoHash**), the length of the data to be signed must be the same as that of the RSA key and the value must be less than the RSA modulus.

| Asymmetric Key Type | Padding Mode | MD Algorithm | Signing Mode | API Version |
| -------- | -------- | -------- | -------- | -------- |
| RSA512 | PKCS1 | [NoHash\|MD5\|SHA1\|SHA224\|SHA256] | OnlySign | 12+ |
| RSA768 | PKCS1 | [NoHash\|MD5\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | OnlySign | 12+ |
| RSA1024 | PKCS1 | [NoHash\|MD5\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | OnlySign | 12+ |
| RSA2048 | PKCS1 | [NoHash\|MD5\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | OnlySign | 12+ |
| RSA3072 | PKCS1 | [NoHash\|MD5\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | OnlySign | 12+ |
| RSA4096 | PKCS1 | [NoHash\|MD5\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | OnlySign | 12+ |
| RSA8192 | PKCS1 | [NoHash\|MD5\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | OnlySign | 12+ |
| [RSA512\|RSA768\|RSA1024\|RSA2048\|RSA3072\|RSA4096\|RSA8192\|RSA] | NoPadding | NoHash | OnlySign | 12+ |
| RSA | PKCS1 | MD algorithm that meets the length requirements | OnlySign | 12+ |

As indicated by the last row in the preceding table, you can specify the RSA key type without the key length to ensure compatibility with the key generated based on the key parameter. In this case, the signing operation varies depending on the actual key length.
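
A pre-check of the data handed to an OnlySign instance against the three rules in the NOTE above, as an added example in plain TypeScript rather than Crypto framework code. `onlySignInputError` and its parameters are hypothetical names, all lengths are in bytes, and the modulus is supplied by the caller as big-endian bytes.

```typescript
// Added example: validates OnlySign input length before it reaches the signer.
const MD_BYTES: [string, number][] = [
  ["MD5", 16], ["SHA1", 20], ["SHA224", 28],
  ["SHA256", 32], ["SHA384", 48], ["SHA512", 64],
];

function mdBytes(name: string): number {
  for (const [n, len] of MD_BYTES) {
    if (n === name) return len;
  }
  return -1; // unknown digest name
}

// Big-endian unsigned comparison of two equal-length byte strings: true if a < b.
function lessThan(a: Uint8Array, b: Uint8Array): boolean {
  for (let i = 0; i < a.length; i++) {
    const x = a[i] || 0;
    const y = b[i] || 0;
    if (x !== y) return x < y;
  }
  return false; // equal values are not "less than"
}

// Returns null when the input satisfies the applicable rule, else a message.
function onlySignInputError(
  keyBits: number, padding: string, md: string,
  data: Uint8Array, modulus?: Uint8Array,
): string | null {
  const k = keyBits / 8; // RSA key length in bytes
  if (padding === "PKCS1" && md === "NoHash") {
    // Rule 1: raw data must leave room for the 11 bytes of PKCS #1 padding.
    return data.length < k - 11
      ? null
      : "rule 1: data must be shorter than " + (k - 11) + " bytes";
  }
  if (padding === "PKCS1") {
    // Rule 2: the caller passes the digest itself, so its size is fixed by the MD.
    const hLen = mdBytes(md);
    if (hLen < 0) return "unknown MD algorithm: " + md;
    return data.length === hLen
      ? null
      : "rule 2: data must be the " + hLen + "-byte " + md + " digest";
  }
  if (padding === "NoPadding" && md === "NoHash") {
    // Rule 3: exactly one key-sized block whose integer value is below the modulus.
    if (data.length !== k) return "rule 3: data must be exactly " + k + " bytes";
    if (!modulus || modulus.length !== k) return "rule 3: key modulus needed to check the value";
    return lessThan(data, modulus) ? null : "rule 3: value must be less than the modulus";
  }
  return "unsupported OnlySign combination";
}
```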

### Signature Verification Mode Recover

The Crypto framework provides the functionality of recovering the original data based on an RSA signature.

When creating an RSA signature verification (**Verify**) instance, you need to specify the algorithm specifications in a string parameter. The string parameter consists of the asymmetric key type, padding mode, MD algorithm, and signature verification mode, separated by vertical bars (|).

In the following table, the options included in the square brackets ([]) are mutually exclusive. You can use only one of them in a string parameter. For example, if the asymmetric key type is **RSA2048**, the padding mode is **PKCS1**, the MD algorithm is **SHA256**, and the signature verification mode is **Recover**, the string parameter is **RSA2048|PKCS1|SHA256|Recover**.

| Asymmetric Key Type | Padding Mode | MD Algorithm | Signature Verification Mode | API Version |
| -------- | -------- | -------- | -------- | -------- |
| RSA512 | PKCS1 | [NoHash\|MD5\|SHA1\|SHA224\|SHA256] | Recover | 12+ |
| RSA768 | PKCS1 | [NoHash\|MD5\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | Recover | 12+ |
| RSA1024 | PKCS1 | [NoHash\|MD5\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | Recover | 12+ |
| RSA2048 | PKCS1 | [NoHash\|MD5\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | Recover | 12+ |
| RSA3072 | PKCS1 | [NoHash\|MD5\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | Recover | 12+ |
| RSA4096 | PKCS1 | [NoHash\|MD5\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | Recover | 12+ |
| RSA8192 | PKCS1 | [NoHash\|MD5\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | Recover | 12+ |
| [RSA512\|RSA768\|RSA1024\|RSA2048\|RSA3072\|RSA4096\|RSA8192\|RSA] | NoPadding | NoHash | Recover | 12+ |
| RSA | PKCS1 | MD algorithm that meets the length requirements | Recover | 12+ |

As indicated by the last row in the preceding table, you can specify the RSA key type without the key length to ensure compatibility with the key generated based on the key parameter. In this case, the signature recovery operation varies depending on the actual key length.

## ECDSA

Elliptic Curve Digital Signature Algorithm (ECDSA) is a digital signature algorithm (DSA) based on Elliptic Curve Cryptography (ECC). Compared with public-key cryptographic systems based on the ordinary Discrete Logarithm Problem (DLP) or the Integer Factorization Problem (IFP), ECC provides higher strength per key bit.

The Crypto framework provides ECDSA signing and signature verification capabilities that combine a variety of elliptic curves and digest algorithms.

When creating an ECDSA asymmetric signing (**Sign**) or signature verification (**Verify**) instance, you need to specify the algorithm specifications in a string parameter. The string parameter consists of the asymmetric key type and MD, separated by a vertical bar (|).

In the following table, the options included in the square brackets ([]) are mutually exclusive. You can use only one of them in a string parameter. For example, if the asymmetric key type is **ECC224** and the MD algorithm is **SHA256**, the string parameter is **ECC224|SHA256**.

| Asymmetric Key Type | MD | API Version |
| -------- | -------- | -------- |
| ECC224 | [SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | 9+ |
| ECC256 | [SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | 9+ |
| ECC384 | [SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | 9+ |
| ECC521 | [SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | 9+ |
| ECC_BrainPoolP160r1 | [SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | 11+ |
| ECC_BrainPoolP160t1 | [SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | 11+ |
| ECC_BrainPoolP192r1 | [SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | 11+ |
| ECC_BrainPoolP192t1 | [SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | 11+ |
| ECC_BrainPoolP224r1 | [SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | 11+ |
| ECC_BrainPoolP224t1 | [SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | 11+ |
| ECC_BrainPoolP256r1 | [SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | 11+ |
| ECC_BrainPoolP256t1 | [SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | 11+ |
| ECC_BrainPoolP320r1 | [SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | 11+ |
| ECC_BrainPoolP320t1 | [SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | 11+ |
| ECC_BrainPoolP384r1 | [SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | 11+ |
| ECC_BrainPoolP384t1 | [SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | 11+ |
| ECC_BrainPoolP512r1 | [SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | 11+ |
| ECC_BrainPoolP512t1 | [SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | 11+ |
| ECC | [SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | 10+ |

As indicated by the last row in the preceding table, you can specify the key type without the key length and curve name to ensure compatibility with the key generated based on the key parameter. In this case, the signing or signature verification operation varies depending on the actual key length.

## DSA

The Digital Signature Algorithm (DSA) stands out for its compatibility and applicability.

When creating a DSA asymmetric signing (**Sign**) or signature verification (**Verify**) instance, you need to specify the algorithm specifications in a string parameter. The string parameter consists of the asymmetric key type and MD, separated by a vertical bar (|).

In the following table, the options included in the square brackets ([]) are mutually exclusive. You can use only one of them in a string parameter. For example, if the asymmetric key type is **DSA1024** and the MD algorithm is **SHA256**, the string parameter is **DSA1024|SHA256**.

| Asymmetric Key Type | MD | API Version |
| -------- | -------- | -------- |
| DSA1024 | [NoHash\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | 10+ |
| DSA2048 | [NoHash\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | 10+ |
| DSA3072 | [NoHash\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | 10+ |
| DSA | [NoHash\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512] | 10+ |

As indicated by the last row in the preceding table, you can specify the DSA key type without the key length to ensure compatibility with the key generated based on the key parameter. In this case, the signing or signature verification operation varies depending on the actual key length.

> **NOTE**
>
> If DSA is used with the digest algorithm **NoHash**, signing or signature verification by segment is not supported.

## SM2

SM2 is a digital signature algorithm based on ECC.

When creating an SM2 asymmetric signing (**Sign**) or signature verification (**Verify**) instance, you need to specify the algorithm specifications in a string parameter. The string parameter consists of the asymmetric key type and MD, separated by a vertical bar (|).

Currently, SM2 signing supports only SM3.

| Asymmetric Key Type | MD | String Parameter | API Version |
| -------- | -------- | -------- | -------- |
| SM2_256 | SM3 | SM2_256\|SM3 | 10+ |
| SM2 | SM3 | SM2\|SM3 | 10+ |

As indicated by the last row in the preceding table, you can specify the SM2 key type without the key length to ensure compatibility with the key generated based on the key parameter. In this case, the signing or signature verification operation varies depending on the actual key length.

## Ed25519

Ed25519 is a signing and signature verification algorithm based on ECC.

When creating an Ed25519 asymmetric signing (**Sign**) or signature verification (**Verify**) instance, you need to specify the algorithm specifications in a string parameter.

| Asymmetric Key Type | String Parameter | API Version |
| -------- | -------- | -------- |
| Ed25519 | Ed25519 | 11+ |
268