# ML-DSA #### Allowed users {% tabs %} {% tab title="User" %} Allowed {% endtab %} {% tab title="Alternative" %} Not allowed {% endtab %} {% tab title="ExtAuth" %} Allowed {% endtab %} {% endtabs %} #### Required access scope {% tabs %} {% tab title="Main" %} `keymgmt:use:` where `` is a Key ID as a 32-character hexadecimal string {% endtab %} {% endtabs %} ## Sign ## Sign a message `POST` `https://my.ence.do/api/crypto/pqc/mldsa/sign` Return an ML-DSA signature of the given message. #### Headers | Name | Type | Description | | ----------------------------------------------- | ------ | ----------------- | | Authorization\* | String | Bearer JWT\_TOKEN | | Content-Type\* | String | application/json | #### Request Body | Name | Type | Description | | --------------------------------------- | ------ | ------------------------------------------------------- | | `ctx` | String | Base64 encoded additional context data (max. 255 bytes) | | `kid`\* | String | Key ID, 32 chars hex string | | `msg`\* | String | Data message to sign (max. 2048 bytes) | #### Response status code {% tabs %} {% tab title="200: Operation successful" %} ```javascript { "sign": "4IzdVAZlsNHaUXGNaPMUg139TwnW5QB7WvVKA...22JTTnCHuZ1Z6sc2Hvz3WETWJ0ePKUVRJ5HzxDQ==", "alg": "MLDSA44" } ``` {% endtab %} {% tab title="400: Bad Request Incorrect argument(s)" %} {% endtab %} {% tab title="401: Unauthorized Missing or invalid JWT\_TOKEN" %} {% endtab %} {% tab title="403: Forbidden Incorrect access scope" %} {% endtab %} {% tab title="406: Not Acceptable Operation failed" %} {% endtab %} {% tab title="409: Conflict Incorrect internal state" %} {% endtab %} {% tab title="418: I'm a Teapot TLS (https) connection required" %} {% endtab %} {% endtabs %} #### Response data for successful operation
NameTypeDescription
signStringBase64 encoded signature
algStringML-DSA algorithm type represented by the kid
#### Possible `alg` values | Algorithm | Description | | --------- | -------------------------------- | | MLDSA44 | Regarding FIPS 204 ML-DSA-44 key | | MLDSA65 | Regarding FIPS 204 ML-DSA-65 key | | MLDSA87 | Regarding FIPS 204 ML-DSA-87 key | #### Log entries
EventResultSource
LOG_TYPE_FAILED_SCOPE_CHECKLOG_RESULT_FAILED403
LOG_TYPE_CRYPTO_PQC_MLDSA_SIGNLOG_RESULT_ERROR400
LOG_TYPE_CRYPTO_PQC_MLDSA_SIGNLOG_RESULT_FAILED406
LOG_TYPE_CRYPTO_PQC_MLDSA_SIGNLOG_RESULT_OK200
## Verify ## Verify the message signature `POST` `https://my.ence.do/api/crypto/pqc/mldsa/verify` Verify the signature of the given message. #### Headers | Name | Type | Description | | ----------------------------------------------- | ------ | ----------------- | | Authorization\* | String | Bearer JWT\_TOKEN | | Content-Type\* | String | application/json | #### Request Body | Name | Type | Description | | ---------------------------------------- | ------ | ------------------------------------------------------ | | `ctx` | String | Base64 encoded additional context data (max. 64 bytes) | | `kid`\* | String | Key ID, 32 chars hex string | | `msg`\* | String | Data message to verify (max. 2048 bytes) | | `sign`\* | String | Signature to validate returned by `sign` | #### Response status code {% tabs %} {% tab title="200: Operation successful" %} {% endtab %} {% tab title="400: Incorrect argument(s)" %} {% endtab %} {% tab title="401: Missing or invalid JWT\_TOKEN" %} {% endtab %} {% tab title="403: Incorrect access scope" %} {% endtab %} {% tab title="406: Operation failed" %} {% endtab %} {% tab title="409: Incorrect internal state" %} {% endtab %} {% tab title="418: TLS connection required" %} {% endtab %} {% endtabs %} #### Log entries
EventResultSource
LOG_TYPE_FAILED_SCOPE_CHECKLOG_RESULT_FAILED403
LOG_TYPE_CRYPTO_PQC_MLDSA_VERIFYLOG_RESULT_ERROR400
LOG_TYPE_CRYPTO_PQC_MLDSA_VERIFYLOG_RESULT_FAILED406
LOG_TYPE_CRYPTO_PQC_MLDSA_VERIFYLOG_RESULT_OK200