[strongSwan-dev] (no subject)
Michał Skalski
mskalski13 at gmail.com
Fri Sep 30 00:41:46 CEST 2016
Hello
The attached patch allows the use of PKCS#11 smartcards/tokens which don't
support signing-with-hashing mechanisms.
By default, only the plain CKM_RSA_PKCS mechanism (and, if supported by the
token, also CKM_ECDSA) is now used; hashing is done using an external
hasher.
The old behaviour can be restored using the
charon.plugins.pkcs11.use_sign_hasher option.
The code may need tweaking. One possibility is to enable this behaviour
based on the supported mechanisms returned by the token, but it seems
unnecessary, as all PKCS#11 tokens supporting signatures with hashing
also support the non-hashing version of the signature.
The patch should be applied to the master branch.
Comments and suggestions are welcome.
Michał Skalski
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-PKCS11-plugin-no-sign-hashing.patch
Type: text/x-patch
Size: 14652 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20160930/33d06b77/attachment.bin>
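What the host has to hand to C_Sign() once hashing is done outside the token, as an added example that is not taken from the patch or from strongSwan: with CKM_RSA_PKCS the caller supplies the DER DigestInfo (RFC 8017 prefix plus digest), with CKM_ECDSA the bare digest. The names hash_id_t, di and build_sign_input are hypothetical, and the digest in main() is a constructed stand-in.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* Mechanism values as defined in the PKCS#11 headers (pkcs11t.h). */
#define CKM_RSA_PKCS 0x00000001UL
#define CKM_ECDSA    0x00001041UL
/* Hypothetical hash ids for this example; order matches di[] below. */
typedef enum { H_SHA1, H_SHA256, H_SHA384, H_SHA512 } hash_id_t;
/* DER DigestInfo prefixes (RFC 8017, section 9.2) and digest lengths. */
static const struct { size_t plen, dlen; unsigned char p[19]; } di[] = {
    { 15, 20, {0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1a,
               0x05,0x00,0x04,0x14} },
    { 19, 32, {0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,
               0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20} },
    { 19, 48, {0x30,0x41,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,
               0x03,0x04,0x02,0x02,0x05,0x00,0x04,0x30} },
    { 19, 64, {0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,
               0x03,0x04,0x02,0x03,0x05,0x00,0x04,0x40} },
};

/* Build the buffer passed to C_Sign() for an externally computed digest.
 * Returns its length, or 0 on bad hash id, length, mechanism or capacity. */
size_t build_sign_input(unsigned long mech, hash_id_t h,
    const unsigned char *digest, size_t dlen, unsigned char *out, size_t cap)
{
    size_t plen;
    if ((unsigned)h > H_SHA512 || dlen != di[h].dlen)
        return 0;
    if (mech == CKM_RSA_PKCS)
        plen = di[h].plen;   /* token only pads and applies the RSA key */
    else if (mech == CKM_ECDSA)
        plen = 0;            /* token signs the bare digest */
    else
        return 0;            /* any other mechanism is out of scope here */
    if (cap < plen + dlen)
        return 0;
    memcpy(out, di[h].p, plen);
    memcpy(out + plen, digest, dlen);
    return plen + dlen;
}

int main(void)
{
    unsigned char digest[32], buf[19 + 64];
    memset(digest, 0xAB, sizeof(digest)); /* constructed stand-in digest */
    size_t r = build_sign_input(CKM_RSA_PKCS, H_SHA256, digest, 32, buf, sizeof(buf));
    printf("C_Sign input for CKM_RSA_PKCS with SHA-256: %zu bytes\n", r);
    return 0;
}
```

The length check matters because a plain mechanism signs whatever buffer it is given, so a digest of the wrong size for the declared hash has to be rejected on the host.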