[strongSwan-dev] (no subject)

Michał Skalski mskalski13 at gmail.com
Fri Sep 30 00:42:32 CEST 2016

PS Also added support for signing with SHA-224 ahsh

2016-09-30 0:41 GMT+02:00 Michał Skalski <mskalski13 at gmail.com>:
> Hello
> Attached patch allowing use of PKCS#11 smartcards/tokens which don't
> support signing-with-hashing mechanisms.
> By default only plain CKM_RSA_PKCS (and if supported by token also
> CKM_ECDSA) mechanism is now used, hashing is done using external
> hasher.
> Old behaviour can be restored using
> charon.plugins.pkcs11.use_sign_hasher option.
> Code may need tweaking. One possibility is to enable this behaviour
> based on supported mechanisms returned by the token, but it seems
> unnecessary, as all PKCS#11 tokens supporting signatures with hashing
> support also non-hashing version of signature.
> Patch should be applied to the master branch.
> Comments and suggestions are welcome.
> Michał Skalski

More information about the Dev mailing list