You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: doc/crypto/api/keys/policy.rst
+10-2Lines changed: 10 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -181,6 +181,7 @@ The usage flags are encoded in a bitmask, which has the type `psa_key_usage_t`.
181
181
* `psa_mac_compute()`
182
182
* `psa_mac_sign_setup()`
183
183
* `psa_sign_message()`
184
+
* `psa_sign_interruptible_setup()`, when signing a message.
184
185
185
186
For a key pair, this concerns the private key.
186
187
@@ -195,6 +196,7 @@ The usage flags are encoded in a bitmask, which has the type `psa_key_usage_t`.
195
196
* `psa_mac_verify()`
196
197
* `psa_mac_verify_setup()`
197
198
* `psa_verify_message()`
199
+
* `psa_verify_interruptible_setup()`, when verifying the signature of a message.
198
200
199
201
For a key pair, this concerns the public key.
200
202
@@ -204,7 +206,10 @@ The usage flags are encoded in a bitmask, which has the type `psa_key_usage_t`.
204
206
.. summary::
205
207
Permission to sign a message hash with the key.
206
208
207
-
This flag is required to use the key to sign a message hash in an asymmetric signature operation. The flag must be present on keys used when calling `psa_sign_hash()`.
209
+
This flag is required to use the key to sign a pre-computed message hash in an asymmetric signature operation. The flag must be present on keys used with the following APIs:
210
+
211
+
* `psa_sign_hash()`
212
+
* `psa_sign_interruptible_setup()` when signing a pre-computed hash.
208
213
209
214
This flag automatically sets `PSA_KEY_USAGE_SIGN_MESSAGE`: if an application sets the flag `PSA_KEY_USAGE_SIGN_HASH` when creating a key, then the key always has the permissions conveyed by `PSA_KEY_USAGE_SIGN_MESSAGE`, and the flag `PSA_KEY_USAGE_SIGN_MESSAGE` will also be present when the application queries the usage flags of the key.
210
215
@@ -216,7 +221,10 @@ The usage flags are encoded in a bitmask, which has the type `psa_key_usage_t`.
216
221
.. summary::
217
222
Permission to verify a message hash with the key.
218
223
219
-
This flag is required to use the key to verify a message hash in an asymmetric signature verification operation. The flag must be present on keys used when calling `psa_verify_hash()`.
224
+
This flag is required to use the key to verify a pre-computed message hash in an asymmetric signature verification operation. The flag must be present on keys used with the following APIs:
225
+
226
+
* `psa_verify_hash()`
227
+
* `psa_verify_interruptible_setup()`, when verifying the signature of a pre-computed hash.
220
228
221
229
This flag automatically sets `PSA_KEY_USAGE_VERIFY_MESSAGE`: if an application sets the flag `PSA_KEY_USAGE_VERIFY_HASH` when creating a key, then the key always has the permissions conveyed by `PSA_KEY_USAGE_VERIFY_MESSAGE`, and the flag `PSA_KEY_USAGE_VERIFY_MESSAGE` will also be present when the application queries the usage flags of the key.
0 commit comments