SCA6000 and Signing mechanisms
Gary.Morton at Sun.COM
Gary.Morton at Sun.COM
Thu Feb 28 15:47:32 PST 2008
Hai-May Chao wrote:
> Gary.Morton at sun.com wrote:
>> That's not correct... we can sign for the following mechanisms
>>
>> Mechanism = CKM_RSA_X_509
>> KeySize [256-2048] (HW Encrypt Decrypt Sign SignRecov Verify
>> VeryRecov Wrap Unwrap)
>> Mechanism = CKM_RSA_PKCS
>> KeySize [256-2048] (HW Encrypt Decrypt Sign SignRecov Verify
>> VeryRecov Wrap Unwrap)
>> Mechanism = CKM_DSA
>> KeySize [512-1024] (HW Sign Verify)
>> Mechanism = CKM_ECDSA
>> KeySize [163-571] (HW Sign Verify)
>>
>>
>>
>
> Yup, Mars has those signing mechanisms.
> It does not have CKM_MD5_RSA_PKCS mechanism, right? which is
> being used thru pktool testing.
Yes that is true. I assume you can use other signing mechanisms right?
-gary
>
> Hai-May
>
>
>
> Hai-May
>
>
>> Wyllys Ingersoll wrote:
>>
>>> It appears that the SCA6000 (Mars) card does not have any signing
>>> mechanisms.
>>> Which means, one can create an RSA keypair, but not sign things
>>> with the private key such as when signing an X509 certificate
>>> (self-signed or
>>> otherwise).
>>>
>>> I just want to verify that this is the case, I was doing some
>>> testing with
>>> pktool(1) and ran into this problem when trying to create a
>>> self-signed cert.
>>> I can generate they keys, store them on the token and create the
>>> certificate
>>> template, but cannot sign it because there is no CKM_MD5_RSA_PKCS
>>> mechanism.
>>>
>>> -Wyllys
>>>
>>>
>>> _______________________________________________
>>> crypto-discuss mailing list
>>> crypto-discuss at opensolaris.org
>>> http://mail.opensolaris.org/mailman/listinfo/crypto-discuss
>>>
>>
>> _______________________________________________
>> crypto-discuss mailing list
>> crypto-discuss at opensolaris.org
>> http://mail.opensolaris.org/mailman/listinfo/crypto-discuss
>>
>
More information about the crypto-discuss
mailing list