Sign-hash commands
This section covers commands that you use in SMCTL to sign a hash.
Sign-hash
Sign-hash commands begin with:
smctl sign sign-hash <keypair ID>
Subcommands
The sign-hash command supports these subcommands:
Shortcut | Flag | Description |
---|---|---|
--binary | Signature in binary (default is Base64). | |
--file string | File path. | |
--hash string | Base64 hash. | |
--hash-algorithm string | Hash algorithm. (default "SHA-256") | |
--non-decorate-signature | Skip ASN1 decoration for ECDSA signatures. | |
--signature-algorithm string | Signature algorithm. (default "SHA256withRSA"). | |
--signature-file string | Signature file path. | |
-h | --help | Help for sign-hash commands. |
Command example
Description: Sign hash.
Command:
smctl sign sign-hash --file <file path> --hash-algorithm <hash algorithm> --signature-algorithm <algorithm> <keypair ID> --signature-file <signature file path> --binary
Command sample:
smctl sign sign-hash --file UNSIGNED_JAR.jar --hash-algorithm SHA-512 --signature-algorithm MLDSA44 c16f3975-101b-4837-8de5-42160e791220 --signature-file mldsasign44.txt --binary
Hashes for generating signatures
The following hashes can be used for generating signatures:
RSA
NONEWithRSA
SHA1WithRSA
SHA224WithRSA
SHA256WithRSA
SHA384WithRSA
SHA512WithRSA
SHA3-224WithRSA
SHA3-256WithRSA
SHA3-384WithRSA
SHA3-512WithRSA
NONEwithRSASSA-PSS
SHA1WithRSA/PSS
SHA224WithRSA/PSS
SHA256WithRSA/PSS
SHA384WithRSA/PSS
SHA512WithRSA/PSS
SHA3-224WithRSA/PSS
SHA3-256WithRSA/PSS
SHA3-384WithRSA/PSS
SHA3-512WithRSA/PSS
SLHDSA
SLHDSA
MLDSA
MLDSA44
MLDSA65
MLDSA87
EdDSA
Ed25519
Ed25519ph
ECDSA
NONEWithECDSA
SHA1WithECDSA
SHA224WithECDSA
SHA256WithECDSA
SHA384WithECDSA
SHA512WithECDSA
SHA3-224WithECDSA
SHA3-256WithECDSA
SHA3-384WithECDSA
SHA3-512WithECDSA