You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: doc/crypto/api/keys/policy.rst
+10-2Lines changed: 10 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -180,6 +180,7 @@ The usage flags are encoded in a bitmask, which has the type `psa_key_usage_t`.
180
180
* `psa_mac_compute()`
181
181
* `psa_mac_sign_setup()`
182
182
* `psa_sign_message()`
183
+
* `psa_sign_interruptible_setup()`, when signing a message.
183
184
184
185
For a key pair, this concerns the private key.
185
186
@@ -194,6 +195,7 @@ The usage flags are encoded in a bitmask, which has the type `psa_key_usage_t`.
194
195
* `psa_mac_verify()`
195
196
* `psa_mac_verify_setup()`
196
197
* `psa_verify_message()`
198
+
* `psa_verify_interruptible_setup()`, when verifying the signature of a message.
197
199
198
200
For a key pair, this concerns the public key.
199
201
@@ -203,7 +205,10 @@ The usage flags are encoded in a bitmask, which has the type `psa_key_usage_t`.
203
205
.. summary::
204
206
Permission to sign a message hash with the key.
205
207
206
-
This flag is required to use the key to sign a message hash in an asymmetric signature operation. The flag must be present on keys used when calling `psa_sign_hash()`.
208
+
This flag is required to use the key to sign a pre-computed message hash in an asymmetric signature operation. The flag must be present on keys used with the following APIs:
209
+
210
+
* `psa_sign_hash()`
211
+
* `psa_sign_interruptible_setup()` when signing a pre-computed hash.
207
212
208
213
This flag automatically sets `PSA_KEY_USAGE_SIGN_MESSAGE`: if an application sets the flag `PSA_KEY_USAGE_SIGN_HASH` when creating a key, then the key always has the permissions conveyed by `PSA_KEY_USAGE_SIGN_MESSAGE`, and the flag `PSA_KEY_USAGE_SIGN_MESSAGE` will also be present when the application queries the usage flags of the key.
209
214
@@ -215,7 +220,10 @@ The usage flags are encoded in a bitmask, which has the type `psa_key_usage_t`.
215
220
.. summary::
216
221
Permission to verify a message hash with the key.
217
222
218
-
This flag is required to use the key to verify a message hash in an asymmetric signature verification operation. The flag must be present on keys used when calling `psa_verify_hash()`.
223
+
This flag is required to use the key to verify a pre-computed message hash in an asymmetric signature verification operation. The flag must be present on keys used with the following APIs:
224
+
225
+
* `psa_verify_hash()`
226
+
* `psa_verify_interruptible_setup()`, when verifying the signature of a pre-computed hash.
219
227
220
228
This flag automatically sets `PSA_KEY_USAGE_VERIFY_MESSAGE`: if an application sets the flag `PSA_KEY_USAGE_VERIFY_HASH` when creating a key, then the key always has the permissions conveyed by `PSA_KEY_USAGE_VERIFY_MESSAGE`, and the flag `PSA_KEY_USAGE_VERIFY_MESSAGE` will also be present when the application queries the usage flags of the key.
0 commit comments