[strongSwan-dev] (no subject)

Michał Skalski mskalski13 at gmail.com
Fri Sep 30 00:41:46 CEST 2016


Attached is a patch allowing the use of PKCS#11 smartcards/tokens which don't
support signing-with-hashing mechanisms.

By default only plain CKM_RSA_PKCS (and if supported by token also
CKM_ECDSA) mechanism is now used, hashing is done using external

The old behaviour can be restored using the
charon.plugins.pkcs11.use_sign_hasher option.

The code may need tweaking. One possibility is to enable this behaviour
based on the supported mechanisms returned by the token, but it seems
unnecessary, as all PKCS#11 tokens supporting signatures with hashing
also support the non-hashing version of the signature.

The patch should be applied to the master branch.

Comments and suggestions are welcome.

Michał Skalski
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-PKCS11-plugin-no-sign-hashing.patch
Type: text/x-patch
Size: 14652 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20160930/33d06b77/attachment.bin>
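
The message above describes signing with plain CKM_RSA_PKCS or CKM_ECDSA after hashing outside the token. The following is an added example, not code from the attached patch or from strongSwan, showing what the caller then has to hand to the token: a DER DigestInfo wrapper for CKM_RSA_PKCS, the bare digest for CKM_ECDSA. The enum and function names are hypothetical, and the sample digest is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; they are not strongSwan identifiers. */
typedef enum { HASH_SHA1, HASH_SHA256, HASH_SHA384, HASH_SHA512 } hash_id_t;
typedef enum { MECH_RSA_PKCS, MECH_ECDSA } mech_id_t;

/* DER DigestInfo prefixes from RFC 8017, section 9.2: everything that
 * precedes the raw digest bytes inside the PKCS#1 v1.5 signature block. */
static const struct {
    size_t hash_len, prefix_len;
    unsigned char prefix[19];
} digest_info[] = {
    [HASH_SHA1]   = { 20, 15, { 0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0e,
                                0x03,0x02,0x1a,0x05,0x00,0x04,0x14 } },
    [HASH_SHA256] = { 32, 19, { 0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,
                                0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20 } },
    [HASH_SHA384] = { 48, 19, { 0x30,0x41,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,
                                0x65,0x03,0x04,0x02,0x02,0x05,0x00,0x04,0x30 } },
    [HASH_SHA512] = { 64, 19, { 0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,
                                0x65,0x03,0x04,0x02,0x03,0x05,0x00,0x04,0x40 } },
};

/* Build the buffer passed to C_Sign() when the digest was computed outside
 * the token. Returns the number of bytes written to out, or 0 on error. */
size_t build_sign_input(mech_id_t mech, hash_id_t hash,
                        const unsigned char *digest, size_t digest_len,
                        unsigned char *out, size_t out_cap)
{
    if ((size_t)hash >= sizeof(digest_info) / sizeof(digest_info[0]) ||
        digest_len != digest_info[hash].hash_len)
        return 0;
    /* CKM_RSA_PKCS pads and signs its input as-is, so the caller must supply
     * DigestInfo; CKM_ECDSA takes the bare digest. */
    size_t prefix_len = (mech == MECH_RSA_PKCS) ? digest_info[hash].prefix_len : 0;
    if (out_cap < prefix_len + digest_len)
        return 0;
    memcpy(out, digest_info[hash].prefix, prefix_len);
    memcpy(out + prefix_len, digest, digest_len);
    return prefix_len + digest_len;
}

int main(void)
{
    unsigned char digest[32] = { 0xAB }, buf[64]; /* constructed sample digest */
    printf("CKM_RSA_PKCS input: %zu bytes\n",
           build_sign_input(MECH_RSA_PKCS, HASH_SHA256, digest, 32, buf, sizeof(buf)));
    return 0;
}
```

A signature made over the bare digest with CKM_RSA_PKCS is still a valid PKCS#1 v1.5 block, but it will not verify as a hash-with-RSA signature, which is why the wrapper matters when moving away from the combined mechanisms.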
