[strongSwan-dev] PKCS#11 plugin: add support for PKCS#11 tokens which don't have CKM_RSA_PKCS_SHAXXX mechanisms

Michał Skalski mskalski13 at gmail.com
Fri Sep 30 00:48:56 CEST 2016

I'm sorry for no subject in message - fixed

2016-09-30 0:41 GMT+02:00 Michał Skalski <mskalski13 at gmail.com>:
> Hello
> Attached patch allowing use of PKCS#11 smartcards/tokens which don't
> support signing-with-hashing mechanisms.
> By default only plain CKM_RSA_PKCS (and if supported by token also
> CKM_ECDSA) mechanism is now used, hashing is done using external
> hasher.
> Old behaviour can be restored using
> charon.plugins.pkcs11.use_sign_hasher option.
> Code may need tweaking. One possibility is to enable this behaviour
> based on supported mechanisms returned by the token, but it seems
> unnecessary, as all PKCS#11 tokens supporting signatures with hashing
> support also non-hashing version of signature.
> Patch should be applied to the master branch.
> Comments and suggestions are welcome.
> Michał Skalski
> _______________________________________________
> Dev mailing list
> Dev at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/dev

More information about the Dev mailing list