[strongSwan-dev] (no subject)
mskalski13 at gmail.com
Fri Sep 30 00:41:46 CEST 2016
Attached patch allowing use of PKCS#11 smartcards/tokens which don't
support signing-with-hashing mechanisms.
By default only plain CKM_RSA_PKCS (and if supported by token also
CKM_ECDSA) mechanism is now used, hashing is done using external
Old behaviour can be restored using
Code may need tweaking. One possibility is to enable this behaviour
based on supported mechanisms returned by the token, but it seems
unnecessary, as all PKCS#11 tokens supporting signatures with hashing
support also non-hashing version of signature.
Patch should be applied to the master branch.
Comments and suggestions are welcome.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 14652 bytes
Desc: not available
More information about the Dev