SCA6000 and Signing mechanisms
Wyllys Ingersoll
wyllys.ingersoll at sun.com
Fri Feb 29 06:50:24 PST 2008
Misaki.Kataoka at sun.com wrote:
> CKM_MD5_RSA_PKCS is just a wrapper of CKM_MD5 and CKM_RSA_PKCS.
> It would be nice if pktool can implement CKM_MD5_RSA_PKCS using
> CKM_MD5 and CKM_RSA_PKCS to take advantage of many HW providers.
> (PKCS#1 explains how to implement it using MD5 and RSA_PKCS.)
>
> -- misaki
>
Thanks! I will investigate doing it this way (MD5 from softtoken +
RSA_PKCS on the card).
The purpose of this is so that one can sign certificates with private
keys stored on the card.
Certificate signing normally means using MD5_RSA_PKCS or SHA***_RSA_PKCS,
so the lack of this feature today is a proglem, but it appears that it
can be fixed by just
re-working some of the signing code in libkmf.
I will file a bug against KMF to get it fixed.
-Wyllys
More information about the crypto-discuss
mailing list