Pico HSM supports in place signatures of arbitrary data. It supports the following algorithms:
Typically, there are two major signature algorithms: RSA and ECDSA. RSA uses the private key to encrypt some particular data, producing the signature, which can later be verified with the public key. ECDSA follows the same principle but uses elliptic curves instead. Its signature algorithm is more sophisticated and allows faster and optimized signatures and verifications.
The PKCS variant, also known as v1.5, is the first release of the signature algorithm for RSA keys. It allows the use of raw data or data prehashed with a SHAx digest. The PSS variant is a more secure and more robust algorithm for RSA signatures. It also accepts raw data or data prehashed with a SHAx digest. The X-509 variant is a particular case, where the data is prepended with an ASN.1 structure that contains all the necessary parameters.
ECDSA, fortunately, is much simpler and there is only one algorithm, with prehashed data with SHAx digest.
Preliminaries
Before going to the signature, we prepare the data. In the file data we put some arbitrary data:
$ echo "This is a test string. Be safe, be secure." > data
To create the signatures, we use the OpenSSL tool. This tool requires the public keys in DER and PEM form, which will be used for verification. In our example, we employ the ECC key located at key id 2:
$ pkcs11-tool --read-object --pin 648219 --id 2 --type pubkey > 2.der
$ openssl ec -inform DER -outform PEM -in 2.der -pubin > 2.pub
The --id parameter identifies the internal private key with id number 2. The first line retrieves the public key associated with the private key with id number 2 and stores the public key into the file 2.der.
The second line converts the public key from DER format to PEM.
To use sc-tool, first install the sc-hsm-embedded driver. Follow the instructions on its page for building and installing. Then, create the following alias:
$ alias sc-tool='pkcs11-tool --module /path/to/libsc-hsm-pkcs11.so'
ECDSA
This is a raw ECDSA signature, which is usually used to sign a hashed message. pkcs11-tool limits the maximum supported input length to the length in bytes of the ECC curve. For a 192-bit curve, it only supports messages hashed with SHA1 (20 bytes < 24 bytes). To support SHA256-hashed messages, an ECC curve of at least 256 bits is required. The sc-hsm-embedded driver and sc-tool do not have this constraint and can be used with arbitrary data.
To sign the data:
$ pkcs11-tool --id 2 --sign --pin 648219 --mechanism ECDSA -i data.sha1 -o data.sig --signature-format openssl
Using slot 0 with a present token (0x0)
Using signature algorithm ECDSA
To verify the signature:
$ openssl pkeyutl -verify -pubin -inkey 2.pub -in data.sha1 -sigfile data.sig
Signature Verified Successfully
To sign raw data, use sc-tool of the sc-hsm-embedded driver instead of pkcs11-tool.
SHA1-ECDSA
For the ECDSA signature, we employ the ECC key with id 2 (--id 2). The procedure is quite similar to the one for RSA.
To sign the data:
$ pkcs11-tool --id 2 --sign --pin 648219 --mechanism ECDSA-SHA1 -i data -o data.sig --signature-format openssl
Using slot 0 with a present token (0x0)
Using signature algorithm ECDSA-SHA1
The signature is verified with the hash:
$ openssl pkeyutl -verify -pubin -inkey 2.pub -in data.sha1 -sigfile data.sig
Signature Verified Successfully
Signatures with other digests can easily be performed by changing the SHA1 flag to SHA224, SHA256, SHA384 or SHA512. Do not forget to update the digest file data.sha1 with the digest you select.
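What --signature-format openssl changes in data.sig for both signing commands above, as an added example that is not part of the original page or of the Pico HSM project: the PKCS#11 ECDSA mechanisms return the raw fixed-width pair r||s (pkcs11-tool's default "rs" format), while openssl pkeyutl -verify expects an ASN.1 DER SEQUENCE of two INTEGERs. The function names and SAMPLE_RS (a constructed value, not a real signature) are assumptions of this example.

```python
def _read_int(buf: bytes, pos: int) -> tuple[int, int]:
    """Parse one DER INTEGER at pos; return (value, position after it)."""
    if pos + 2 > len(buf) or buf[pos] != 0x02:
        raise ValueError("expected INTEGER (tag 0x02)")
    length, start = buf[pos + 1], pos + 2
    body = buf[start:start + length]
    if length == 0 or length & 0x80 or len(body) != length or body[0] & 0x80:
        raise ValueError("bad, truncated or negative INTEGER")
    if length > 1 and body[0] == 0 and not body[1] & 0x80:
        raise ValueError("non-minimal INTEGER (extra leading zero)")
    return int.from_bytes(body, "big"), start + length

def der_to_rs(sig: bytes, curve_bits: int) -> bytes:
    """DER SEQUENCE { r, s } -> fixed-width r||s for a curve_bits-bit curve."""
    n = (curve_bits + 7) // 8  # bytes per value, e.g. 24 for a 192-bit curve
    if len(sig) < 3 or sig[0] != 0x30:
        raise ValueError("expected SEQUENCE (tag 0x30)")
    seq_len, pos = sig[1], 2
    if seq_len == 0x81 and sig[2] >= 0x80:  # long form, body of 128..255 bytes
        seq_len, pos = sig[2], 3
    elif seq_len & 0x80:
        raise ValueError("unsupported or non-minimal SEQUENCE length")
    if pos + seq_len != len(sig):
        raise ValueError("SEQUENCE length does not match the input")
    r, pos = _read_int(sig, pos)
    s, pos = _read_int(sig, pos)
    # Width check only: comparing against the curve order is the verifier's job.
    if pos != len(sig) or r == 0 or s == 0 or max(r, s) >> (8 * n):
        raise ValueError("trailing data, zero value, or value wider than curve")
    return r.to_bytes(n, "big") + s.to_bytes(n, "big")

def rs_to_der(rs: bytes) -> bytes:
    """Raw r||s (two equal-width big-endian halves) -> DER signature."""
    if not rs or len(rs) % 2:
        raise ValueError("raw signature must have even, non-zero length")
    half = len(rs) // 2
    body = b""
    for part in (rs[:half], rs[half:]):
        v = int.from_bytes(part, "big")
        enc = v.to_bytes(v.bit_length() // 8 + 1, "big")  # minimal, sign bit clear
        body += bytes([0x02, len(enc)]) + enc
    hdr = bytes([len(body)]) if len(body) < 0x80 else bytes([0x81, len(body)])
    return b"\x30" + hdr + body

# Constructed sample (not a real signature) sized for a 192-bit curve:
# r has its top bit set (DER adds a 0x00), s starts with a zero byte (DER drops it).
SAMPLE_RS = bytes([0x80]) + b"\x11" * 23 + b"\x00\x01" + b"\x22" * 22
```

The DER form varies in length from one signature to the next because of these padding rules, so a fixed-size check is only valid on the raw r||s form.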