Skip to main content

Supported algorithms

DigiCert​​®​​ Trust Assistant supports the following key types and signature algorithms:

Table 1. Supported algorithms for DigiCert Trust Assistant

Key type

Signature algorithms

RSA

  • sha1WithRSAEncryption

  • sha256WithRSAEncryption

  • sha384WithRSAEncryption

  • sha512WithRSAEncryption

  • sha256WithRSASSAPSS

  • sha384WithRSASSAPSS

  • sha512WithRSASSAPSS

  • sha3_256WithRsaEncryption *

  • sha3_384WithRsaEncryption *

  • sha3_512WithRsaEncryption *

  • sha3_256WithRSASSAPSS *

  • sha3_384WithRSASSAPSS *

  • sha3_512WithRSASSAPSS *

ECDSA

  • ecdsaWithSha1

  • ecdsaWithSha256

  • ecdsaWithSha384

  • ecdsaWithSha512

  • ecdsaWithSha3_256 *

  • ecdsaWithSha3_384 *

  • ecdsaWithSha3_512 *


*See the following section for more details about SHA-3.

Note

Some algorithms may not be supported by your hardware token. Refer to your third-party sources for supported hardware tokens.

Secure Hash Algorithm 3 (SHA-3)

From DigiCert Trust Assistant version 1.2.0 onwards, SHA-3 (Secure Hash Algorithm 3, a subset of Keccak) is supported. You can issue and import certificates for SHA-3 supported keyStores and tokens.

Table 2. Supported SHA-3 

KeyStore/Token

SHA-3 support

Description

DigiCert Software KeyStore

Yes

-

Windows Certificate Store

Yes

RSA-SSAPSS with SHA3 is not supported due to Windows SDK restriction.

Mac Keychain

Yes

-

Yubico YubiKey NFC 5

No

Not supported by the token.

SafeNet/Gemalto eToken 5100, 5110

No

Not supported by the token.


Note

Other hardware tokens may work. However, they are not formally qualified by DigiCert.