Device Trust Manager supports various cryptographic key types and signature algorithms for certificate issuance. This article details the supported key types and their corresponding signature algorithms.
Device Trust Manager supports the following key types:
RSA (Rivest-Shamir-Adleman)
RSA is one of the most widely used asymmetric cryptographic algorithms, offering strong security and broad compatibility. It is commonly used in TLS certificates, code signing, and secure email.
Supported RSA key sizes:
RSA 1024
RSA 2048
RSA 3072
RSA 4096
ECDSA (Elliptic Curve Digital Signature Algorithm)
ECDSA is a cryptographic algorithm that offers robust security while utilizing smaller key sizes than RSA. This makes it particularly efficient and suitable for use in embedded systems and mobile devices.
Supported ECDSA key sizes:
ECDSA P256
ECDSA P384
ECDSA P521
Edwards Curve (Ed25519)
Ed25519 is an elliptic curve algorithm designed for high-performance and high-security digital signatures. It is widely used in modern cryptographic applications for its speed and resilience against side-channel attacks.
The supported key type is ED25519.
ML-DSA (Multi-Layer Digital Signature Algorithm)
ML-DSA is a post-quantum cryptographic algorithm designed to resist attacks from quantum computers while providing strong security assurances.
Supported ML-DSA key sizes:
MLDSA-44
MLDSA-65
MLDSA-87
Device Trust Manager supports the following signature algorithms for certificates:
Signature Algorithm | Description |
---|---|
sha1WithRSA | RSA signature using SHA-1 (deprecated due to security vulnerabilities) |
sha256WithRSA | RSA signature using SHA-256 |
sha384WithRSA | RSA signature using SHA-384 |
sha512WithRSA | RSA signature using SHA-512 |
sha256WithECDSA | ECDSA signature using SHA-256 |
sha384WithECDSA | ECDSA signature using SHA-384 |
sha512WithECDSA | ECDSA signature using SHA-512 |
sha3_256WithRSA | RSA signature using SHA3-256 |
sha3_384WithRSA | RSA signature using SHA3-384 |
sha3_512WithRSA | RSA signature using SHA3-512 |
pureEd25519 | Ed25519 signature using a pure implementation |
hashedEd25519 | Ed25519 signature using a hashed approach |
MLDSA-44 | ML-DSA signature using the MLDSA-44 parameter set |
MLDSA-65 | ML-DSA signature using the MLDSA-65 parameter set |
MLDSA-87 | ML-DSA signature using the MLDSA-87 parameter set |
Note
SHA-1-based algorithms (sha1WithRSA) are not recommended due to known security weaknesses.
Post-quantum algorithms such as ML-DSA provide long-term resistance against quantum computing threats.
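To audit already-issued certificates against the table and the SHA-1 note above, the following added example (not Device Trust Manager code) reads the signature algorithm OID out of a DER-encoded certificate and reports the matching name from the table. The OID-to-name mapping is an assumption based on the standard X.509 identifiers, hashedEd25519 is omitted from it, and `sample_cert` builds a constructed skeleton rather than a real certificate.

```python
# Added example; the OID-to-name mapping is an assumption (standard X.509 OIDs matched to the table).
SIG_OIDS = {
    "1.2.840.113549.1.1.5": "sha1WithRSA", "1.2.840.113549.1.1.11": "sha256WithRSA",
    "1.2.840.113549.1.1.12": "sha384WithRSA", "1.2.840.113549.1.1.13": "sha512WithRSA",
    "1.2.840.10045.4.3.2": "sha256WithECDSA", "1.2.840.10045.4.3.3": "sha384WithECDSA",
    "1.2.840.10045.4.3.4": "sha512WithECDSA", "1.3.101.112": "pureEd25519",
    "2.16.840.1.101.3.4.3.14": "sha3_256WithRSA", "2.16.840.1.101.3.4.3.15": "sha3_384WithRSA",
    "2.16.840.1.101.3.4.3.16": "sha3_512WithRSA", "2.16.840.1.101.3.4.3.17": "MLDSA-44",
    "2.16.840.1.101.3.4.3.18": "MLDSA-65", "2.16.840.1.101.3.4.3.19": "MLDSA-87",
}
DEPRECATED = {"sha1WithRSA"}  # per the page's note on SHA-1

def read_tlv(buf, pos):  # returns (tag, value, next_pos) for the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):  # base-128 sub-identifiers to dotted notation
    subs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            subs.append(val)
            val = 0
    first = min(subs[0] // 40, 2)
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def audit_cert(der):
    """Return (table name or dotted OID, verdict) for a DER-encoded certificate."""
    tag, cert, _ = read_tlv(der, 0)        # outer Certificate SEQUENCE
    _, _, pos = read_tlv(cert, 0)          # skip tbsCertificate
    alg_tag, alg, _ = read_tlv(cert, pos)  # signatureAlgorithm
    oid_tag, oid, _ = read_tlv(alg, 0)
    if (tag, alg_tag, oid_tag) != (0x30, 0x30, 0x06) or not oid:
        raise ValueError("not an X.509 certificate structure")
    dotted = decode_oid(oid)
    name = SIG_OIDS.get(dotted)
    verdict = "not-in-table" if name is None else "deprecated" if name in DEPRECATED else "ok"
    return name or dotted, verdict

def sample_cert(oid_hex):
    """Constructed skeleton (empty TBS, dummy signature), not a real certificate."""
    def tlv(tag, body):
        return bytes([tag, len(body)]) + body
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)))
    return tlv(0x30, tlv(0x30, b"") + alg + tlv(0x03, b"\x00"))
```

A verdict of `deprecated` marks a certificate signed with sha1WithRSA; `not-in-table` returns the raw dotted OID so it can be looked up.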