Module Rsa.PSS

PSS-based signing, as defined by PKCS #1 v2.1.

The same hash function is used for padding, MGF and computing message digest. MGF is MGF1 as defined in PKCS #1 2.1.

Keys must have a minimum of 2 + hlen + slen bytes, where hlen is the hash length and slen is the seed length.

Parameters

module H : Digestif.S

Signature

val sign : ?g:Mirage_crypto_rng.g -> ?crt_hardening:bool -> ?mask:mask -> ?slen:int -> key:priv -> string or_digest -> string

sign ~g ~crt_hardening ~mask ~slen ~key message the PSS-padded digest of message, signed with the key. crt_hardening defaults to false.

slen is the optional seed length and defaults to the size of the underlying hash function.

message is either the actual message, or its digest.

  • raises Invalid_argument

    if message is a `Digest of the wrong size.

val verify : ?slen:int -> key:pub -> signature:string -> string or_digest -> bool

verify ~slen ~key ~signature message checks whether signature is a valid PSS signature of the message under the given key.

message is either the actual message, or its digest.

  • raises Invalid_argument

    if message is a `Digest of the wrong size.