SCA6000 and Signing mechanisms
Gary.Morton at Sun.COM
Gary.Morton at Sun.COM
Thu Feb 28 15:15:12 PST 2008
That's not correct... we can sign for the following mechanisms
Mechanism = CKM_RSA_X_509
KeySize [256-2048] (HW Encrypt Decrypt Sign SignRecov Verify
VeryRecov Wrap Unwrap)
Mechanism = CKM_RSA_PKCS
KeySize [256-2048] (HW Encrypt Decrypt Sign SignRecov Verify
VeryRecov Wrap Unwrap)
Mechanism = CKM_DSA
KeySize [512-1024] (HW Sign Verify)
Mechanism = CKM_ECDSA
KeySize [163-571] (HW Sign Verify)
Wyllys Ingersoll wrote:
> It appears that the SCA6000 (Mars) card does not have any signing
> mechanisms.
> Which means, one can create an RSA keypair, but not sign things
> with the private key such as when signing an X509 certificate
> (self-signed or
> otherwise).
>
> I just want to verify that this is the case, I was doing some testing with
> pktool(1) and ran into this problem when trying to create a self-signed
> cert.
> I can generate they keys, store them on the token and create the
> certificate
> template, but cannot sign it because there is no CKM_MD5_RSA_PKCS mechanism.
>
> -Wyllys
>
>
> _______________________________________________
> crypto-discuss mailing list
> crypto-discuss at opensolaris.org
> http://mail.opensolaris.org/mailman/listinfo/crypto-discuss
>
More information about the crypto-discuss
mailing list