[strongSwan-dev] PKCS#11 plugin: add support for PKCS#11 tokens which don't have CKM_RSA_PKCS_SHAXXX mechanisms
Michał Skalski
mskalski13 at gmail.com
Fri Sep 30 00:48:56 CEST 2016
I'm sorry for no subject in message - fixed
2016-09-30 0:41 GMT+02:00 Michał Skalski <mskalski13 at gmail.com>:
> Hello
>
> Attached patch allowing use of PKCS#11 smartcards/tokens which don't
> support signing-with-hashing mechanisms.
>
> By default only plain CKM_RSA_PKCS (and if supported by token also
> CKM_ECDSA) mechanism is now used, hashing is done using external
> hasher.
>
> Old behaviour can be restored using
> charon.plugins.pkcs11.use_sign_hasher option.
>
> Code may need tweaking. One possibility is to enable this behaviour
> based on supported mechanisms returned by the token, but it seems
> unnecessary, as all PKCS#11 tokens supporting signatures with hashing
> support also non-hashing version of signature.
>
> Patch should be applied to the master branch.
>
> Comments and suggestions are welcome.
>
> Michał Skalski
>
> _______________________________________________
> Dev mailing list
> Dev at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/dev
More information about the Dev
mailing list