[strongSwan-dev] (no subject)
Michał Skalski
mskalski13 at gmail.com
Fri Sep 30 00:42:32 CEST 2016
PS Also added support for signing with SHA-224 ahsh
2016-09-30 0:41 GMT+02:00 Michał Skalski <mskalski13 at gmail.com>:
> Hello
>
> Attached patch allowing use of PKCS#11 smartcards/tokens which don't
> support signing-with-hashing mechanisms.
>
> By default only plain CKM_RSA_PKCS (and if supported by token also
> CKM_ECDSA) mechanism is now used, hashing is done using external
> hasher.
>
> Old behaviour can be restored using
> charon.plugins.pkcs11.use_sign_hasher option.
>
> Code may need tweaking. One possibility is to enable this behaviour
> based on supported mechanisms returned by the token, but it seems
> unnecessary, as all PKCS#11 tokens supporting signatures with hashing
> support also non-hashing version of signature.
>
> Patch should be applied to the master branch.
>
> Comments and suggestions are welcome.
>
> Michał Skalski
More information about the Dev
mailing list