Skip to main content

Signature algorithm

The signature algorithm defines the hash and signature algorithms that the certificate can use to sign a certificate request. Also defines a default signature algorithm for a certificate request that does not specify a signature algorithm.

Example JSON

"signature_algorithm":
{
	"allowed_algorithms":
	[
		"sha1WithRSA",
		"sha256WithRSA",
		"sha384WithECDSA",
		"sha256WithRSAPSS",
		"pureEd25519",
		"sha3_256WithRSA",
		"sha3_384WithRSA",
		"sha3_512WithRSA",
		"MLDSA-44",
		"MLDSA-65",
		"MLDSA-87",
		"SLHDSA-SHA2-128s",
		"SLHDSA-SHA2-192f",
		"SLHDSA-SHA2-192s",
		"SLHDSA-SHA2-256f",
		"SLHDSA-SHA2-256s",
		"SLHDSA-SHAKE-128f",		
		"SLHDSA-SHAKE-128s",
		"SLHDSA-SHAKE-192f",
		"SLHDSA-SHAKE-192s",
		"SLHDSA-SHAKE-256f",
		"SLHDSA-SHAKE-256s",
		"match_issuer"
	],
	"default_algorithm":"match_issuer"
}

Parameters

Name	Type	Req/Opt	Description
signature_algorithm	object	required	Signature algorithm parameters.
allowed_algorithms	array of strings	required	Supported signature algorithm values: `sha1WithRSA` `sha256WithRSA` `sha384WithRSA` `sha512WithRSA` `sha256WithECDSA` `sha384WithECDSA` `sha512WithECDSA` `sha256WithRSAPSS` `sha384WithRSAPSS` `sha512WithRSAPSS` `pureEd25519` `sha3_256WithRSA` `sha3_384WithRSA` `sha3_512WithRSA` `match_issuer` `MLDSA-44` `MLDSA-65` `MLDSA-87` `SLHDSA-SHA2-128s` `SLHDSA-SHA2-192f` `SLHDSA-SHA2-192s` `SLHDSA-SHA2-256f` `SLHDSA-SHA2-256s` `SLHDSA-SHAKE-128f` `SLHDSA-SHAKE-128s` `SLHDSA-SHAKE-192f` `SLHDSA-SHAKE-192s` `SLHDSA-SHAKE-256f` `SLHDSA-SHAKE-256s` 注意 `WithRSA` implies PKCS1 v .15 padding. Support for RSA PSS padding is included with `WithRSAPSS` types. `sha3_WithRSA` and `Ed25519` are for private certificate hierarchies only `MLDSA-` (Dilithium) `and SLHDSA-` (Sphincs) are PQC signature algorithms for private certificate hierarchies only
default_algorithm	string	required	The default hash type to use if none is specified in the certificate request. This value must be in the list of allowed algorithms.

本节内容如下:

Was this helpful?