Sign-hash commands

This section covers commands that you use in SMCTL to sign a hash.

Sign-hash

Sign-hash commands begin with:

smctl sign sign-hash <keypair ID>

Subcommands

The sign-hash command supports these subcommands:

Table 1. Flag for managing hashing signing

Shortcut	Flag	Description
	--binary	Signature in binary (default is Base64).
	--file string	File path.
	--hash string	Base64 hash.
	--hash-algorithm string	Hash algorithm. (default "SHA-256")
	--non-decorate-signature	Skip ASN1 decoration for ECDSA signatures.
	--signature-algorithm string	Signature algorithm. (default "SHA256withRSA").
	--signature-file string	Signature file path.
-h	--help	Help for sign-hash commands.

Command example

Description: Sign hash.

Command:

smctl sign sign-hash --file <file path> --hash-algorithm <hash algorithm> --signature-algorithm <algorithm> <keypair ID> --signature-file <signature file path> --binary

Command sample:

smctl sign sign-hash --file UNSIGNED_JAR.jar --hash-algorithm SHA-512 --signature-algorithm MLDSA44 c16f3975-101b-4837-8de5-42160e791220 --signature-file mldsasign44.txt --binary

Hashes for generating signatures

The following hashes can be used for generating signatures:

RSA
- NONEWithRSA
- SHA1WithRSA
- SHA224WithRSA
- SHA256WithRSA
- SHA384WithRSA
- SHA512WithRSA
- SHA3-224WithRSA
- SHA3-256WithRSA
- SHA3-384WithRSA
- SHA3-512WithRSA
- NONEwithRSASSA-PSS
- SHA1WithRSA/PSS
- SHA224WithRSA/PSS
- SHA256WithRSA/PSS
- SHA384WithRSA/PSS
- SHA512WithRSA/PSS
- SHA3-224WithRSA/PSS
- SHA3-256WithRSA/PSS
- SHA3-384WithRSA/PSS
- SHA3-512WithRSA/PSS
SLHDSA
- SLHDSA
MLDSA
- MLDSA44
- MLDSA65
- MLDSA87
EdDSA
- Ed25519
- Ed25519ph
ECDSA
- NONEWithECDSA
- SHA1WithECDSA
- SHA224WithECDSA
- SHA256WithECDSA
- SHA384WithECDSA
- SHA512WithECDSA
- SHA3-224WithECDSA
- SHA3-256WithECDSA
- SHA3-384WithECDSA
- SHA3-512WithECDSA