Commit 0c5f98c

Author: Mélanie Marques (committed)
feat(key_manager): add asymmetric concepts
1 parent ba72e6e commit 0c5f98c

2 files changed: 43 additions, 9 deletions

pages/key-manager/concepts.mdx

Lines changed: 35 additions & 8 deletions
@@ -18,6 +18,12 @@ The public key is used for encryption and can be shared openly, while the privat
1818

1919
Asymmetric encryption is particularly well-suited for secure communication and authentication, such as encrypting emails or verifying digital signatures. However, it is slower than symmetric encryption. Algorithms like RSA and ECC are common examples of asymmetric encryption.
2020

21+
As of now, Key Manager currently supports the following asymmetric encryption algorithms:
22+
23+
- RSA-OAEP-2048-SHA256: RSA encryption with 2048-bit key and OAEP padding using SHA-256.
24+
- RSA-OAEP-3072-SHA256: RSA encryption with 3072-bit key and OAEP padding using SHA-256.
25+
- RSA-OAEP-4096-SHA256: RSA encryption with 4096-bit key and OAEP padding using SHA-256.
26+
2127
## Ciphertext
2228

2329
Ciphertext refers to data that has been encrypted using a cryptographic algorithm and a key.
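Review bot: the new lead-in at line 21 says both "As of now" and "currently"; drop one, e.g. "Key Manager currently supports the following asymmetric encryption algorithms:". Also, this hunk places the algorithm list under the Asymmetric encryption concept, while the matching symmetric list (the AES bullet under Encryption algorithm) is deleted later in this same commit, so after the change the concepts page names RSA-OAEP variants but no symmetric algorithm at all; add a parallel list under Symmetric encryption or keep the AES bullet so both sides are documented in the same way.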
@@ -36,6 +42,8 @@ Key Manager supports the three following cryptographic operations:
3642
- [Encryption](#encryption)
3743
- [Decryption](#decryption)
3844
- [Data encryption key](#data-encryption-key-dek) generation
45+
- [Signature](#signature)
46+
- [Signature Verification](#signature-verification)
3947

4048
These operations are designed to protect data from unauthorized access, ensure its integrity, and verify the identities of users or systems.
4149

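Review bot: the unchanged context line above the list still reads "Key Manager supports the three following cryptographic operations:" while the list now has five entries (Encryption, Decryption, DEK generation, Signature, Signature Verification); change "three" to "five" or drop the count. Also "Signature Verification" is title-cased here but the section it links to is "## Signature verification"; match the heading's capitalisation.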
@@ -57,7 +65,7 @@ The only way to decrypt an encrypted payload is by using the `Decrypt` [endpoint
5765

5866
A cryptographic operation used to encrypt data using the latest version of the Key Manager key. The [encryption algorithm](#encryption-algorithm) used is the one defined when setting the [key usage](#key-usage).
5967

60-
Only keys with a usage set to `symmetric_encryption` are supported by this method. The input data is arbitrary, but this endpoint should only be used to encrypt **data encryption keys**, not actual [payloads](#payload).
68+
The input data is arbitrary, but this endpoint should only be used to encrypt **data encryption keys**, not actual [payloads](#payload).
6169

6270
[Find out how to encrypt and decrypt payloads using The Scaleway Tink provider](/key-manager/api-cli/manage-keys-with-tink)
6371

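Review bot: deleting "Only keys with a usage set to `symmetric_encryption` are supported by this method." removes the only statement of which key usages the Encrypt endpoint accepts and puts nothing in its place. Since this commit introduces `asymmetric_signing` keys, which cannot be expected to encrypt, state the accepted usages explicitly instead of removing the restriction, e.g. "Only keys with a usage set to `symmetric_encryption` or `asymmetric_encryption` are supported by this method." The retained sentence about encrypting data encryption keys rather than payloads should sit right after it.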
@@ -67,21 +75,17 @@ An encryption algorithm is the specific procedure used to perform encryption and
6775

6876
It defines the exact steps to transform plaintext into ciphertext and vice versa using a key.
6977

70-
As of now, Key Manager supports the following encryption algorithm:
71-
72-
- AES (Advanced Encryption Standard): A widely used symmetric encryption algorithm.
73-
7478
## Encryption method
7579

7680
An encryption method is a broader approach used to convert readable data ([plaintext](#plaintext)) into an unreadable format ([ciphertext](#ciphertext)) which may involve one or more [encryption algorithms](#encryption-algorithm).
7781

7882
There are three types of encryption methods:
7983

8084
- [Symmetric encryption](#symmetric-encryption)
81-
- [Asymmetric encrytpion](#asymmetric-encryption)
85+
- [Asymmetric encryption](#asymmetric-encryption)
8286
- Hybrid encryption: An encryption method that combines both symmetric and asymmetric methods
8387

84-
Key Manager only supports symmetric encryption.
88+
Key Manager supports symmetric and asymmetric encryption.
8589

8690
## Encryption scheme
8791

@@ -119,7 +123,7 @@ After rotating your Key Manager keys, all cryptographic operations will use the
119123
## Key usage
120124

121125
The key usage specifies the **algorithm** used to create subsequent key versions, and the **scope of cryptographic operations** supported by your key encryption key.
122-
You must define a key usage upon key creation. As of now, Key Manager **only supports symmetric encryption**.
126+
You must define a key usage upon key creation. Key Manager supports symmetric encryption, asymmetric encryption and asymmetric signing.
123127

124128
## Key version
125129

@@ -145,6 +149,29 @@ A region refers to the **geographical location** in which your key will be creat
145149

146150
A root encryption key (REK) is another type of key that has the single purpose of encrypting and decrypting KEKs in order to store them in hard storage. Scaleway's Key Manager has one REK per region, which is securely stored in our facilities.
147151

152+
## Signature
153+
154+
Signature is a cryptographic technique used to ensure the authenticity and integrity of data. In this process, a digest (hash) of the message is created and then signed using a private key. This signature can later be verified by anyone with access to the corresponding public key.
155+
156+
Signatures are widely used in scenarios like document signing, secure communication, and identity verification. They offer assurance that the data originated from a trusted source and has not been tampered with.
157+
158+
As for now, Key Manager supports the following asymmetric signing algorithms:
159+
160+
- EC-P256-SHA256: ECDSA signing with the P-256 curve and SHA-256.
161+
- EC-P384-SHA256: ECDSA signing with the P-384 curve and SHA-384.
162+
- RSA-PSS-2048-SHA256: RSA-PSS signing with 2048-bit key and SHA-256.
163+
- RSA-PSS-3072-SHA256: RSA-PSS signing with 3072-bit key and SHA-256.
164+
- RSA-PSS-4096-SHA256: RSA-PSS signing with 4096-bit key and SHA-256.
165+
- RSA-PKCS1-2048-SHA256: RSA PKCS#1 v1.5 signing with 2048-bit key and SHA-256.
166+
- RSA-PKCS1-3072-SHA256: RSA PKCS#1 v1.5 signing with 3072-bit key and SHA-256.
167+
- RSA-PKCS1-4096-SHA256: RSA PKCS#1 v1.5 signing with 4096-bit key and SHA-256.
168+
169+
## Signature verification
170+
171+
Signature verification is the process of confirming the authenticity and integrity of a digital signature.
172+
It involves using the public key corresponding to the private key that was used to create the signature to verify that the data has not been altered and that it comes from the claimed sender.
173+
This process is crucial for ensuring secure and reliable communication.
174+
148175
## Symmetric encryption
149176

150177
Symmetric encryption is a fundamental type of cryptographic method where the same key is used to both encrypt and decrypt data. This means that the sender and receiver must have access to the same secret key, which they use to secure their communication.
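Review bot: line 161 is internally inconsistent: the identifier reads EC-P384-SHA256 but the description says "the P-384 curve and SHA-384". One of the two is wrong; check it against the API reference and fix whichever does not match (P-384 is conventionally paired with SHA-384, which would make the identifier EC-P384-SHA384). Smaller points in the same hunk: "As for now" should be "As of now"; "Signature is a cryptographic technique" reads better as "A digital signature is a cryptographic technique"; and in Signature verification, "comes from the claimed sender" overstates what verification proves, which is that the signature was produced with the private key corresponding to the public key used to verify it.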

pages/key-manager/faq.mdx

Lines changed: 8 additions & 1 deletion
@@ -29,11 +29,18 @@ Key Manager supports the three following cryptographic operations:
2929
- [Encryption](/key-manager/concepts/#encryption)
3030
- [Decryption](/key-manager/concepts/#decryption)
3131
- [Data encryption key](/key-manager/concepts/#data-encryption-key-dek) generation
32+
- [Signature](/key-manager/concepts/#signature)
33+
- [Signature Verification](/key-manager/concepts/#signature-verification)
34+
3235

3336
## Which algorithms and key usage does Key Manager support?
3437

3538
<Macro id="encryption" />
3639

37-
Keys with a [key usage](/key-manager/concepts/#key-usage) set to `symmetric_encryption` are **used to encrypt and decrypt data**.
40+
Key Manager supports multiple [key usages](/key-manager/concepts/#key-usage) to suit different cryptographic operations:
41+
42+
- Keys with a key usage set to `symmetric_encryption` are used to encrypt and decrypt data using symmetric algorithms.
43+
- Keys with an `asymmetric_encryption` usage are used for encrypting and decrypting data with asymmetric algorithms, typically involving a public-private key pair.
44+
- Keys with a `asymmetric_signing` usage are used for generating and verifying digital signatures, ensuring data authenticity and integrity.
3845

3946
Refer to our [dedicated documentation](/key-manager/reference-content/understanding-key-manager/) to find out more about Key Manager.
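Review bot: same count mismatch as in concepts.mdx: the unchanged context line "Key Manager supports the three following cryptographic operations:" now heads a five-item list; update the count. Line 44 has "a `asymmetric_signing` usage" (should be "an"), and the three bullets use two different phrasings ("key usage set to" vs "usage"); align them, e.g. "Keys with a key usage set to `asymmetric_signing` are used to ...". Also "Signature Verification" at line 33 should match the lowercase heading "Signature verification" it links to.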
