ML-DSA
These two basic cryptography operations allow the calculation and verification of the ML-DSA signatures.
Allowed users
Allowed
Required access scope
keymgmt:use:<KID>
where <KID> is a Key ID as a 32-character hexadecimal string
Sign
Sign a message
POST https://my.ence.do/api/crypto/pqc/mldsa/sign
Return an ML-DSA signature of the given message.
Headers
Authorization*
String
Bearer JWT_TOKEN
Content-Type*
String
application/json
Request Body
ctx
String
Base64 encoded additional context data (max. 255 bytes)
kid*
String
Key ID, 32 chars hex string
msg*
String
Data message to sign (max. 2048 bytes)
Response status code
{
"sign": "4IzdVAZlsNHaUXGNaPMUg139TwnW5QB7WvVKA...22JTTnCHuZ1Z6sc2Hvz3WETWJ0ePKUVRJ5HzxDQ==",
"alg": "MLDSA44"
}Response data for successful operation
sign
String
Base64 encoded signature
alg
String
ML-DSA algorithm type represented by the kid
Possible alg values
alg valuesMLDSA44
Regarding FIPS 204 ML-DSA-44 key
MLDSA65
Regarding FIPS 204 ML-DSA-65 key
MLDSA87
Regarding FIPS 204 ML-DSA-87 key
Log entries
LOG_TYPE_FAILED_SCOPE_CHECK
LOG_RESULT_FAILED
403
LOG_TYPE_CRYPTO_PQC_MLDSA_SIGN
LOG_RESULT_ERROR
400
LOG_TYPE_CRYPTO_PQC_MLDSA_SIGN
LOG_RESULT_FAILED
406
LOG_TYPE_CRYPTO_PQC_MLDSA_SIGN
LOG_RESULT_OK
200
Verify
Verify the message signature
POST https://my.ence.do/api/crypto/pqc/mldsa/verify
Verify the signature of the given message.
Headers
Authorization*
String
Bearer JWT_TOKEN
Content-Type*
String
application/json
Request Body
ctx
String
Base64 encoded additional context data (max. 64 bytes)
kid*
String
Key ID, 32 chars hex string
msg*
String
Data message to verify (max. 2048 bytes)
sign*
String
Signature to validate returned by sign
Response status code
Log entries
LOG_TYPE_FAILED_SCOPE_CHECK
LOG_RESULT_FAILED
403
LOG_TYPE_CRYPTO_PQC_MLDSA_VERIFY
LOG_RESULT_ERROR
400
LOG_TYPE_CRYPTO_PQC_MLDSA_VERIFY
LOG_RESULT_FAILED
406
LOG_TYPE_CRYPTO_PQC_MLDSA_VERIFY
LOG_RESULT_OK
200
Last updated