[kmf-discuss] using signing mechanisms of the token
Wyllys Ingersoll
wyllys.ingersoll at sun.com
Fri Jan 4 05:00:11 PST 2008
Jan Pechanec wrote:
> hi, I would like to verify that if the token supports sign operation
> then KMF uses that and the private key never leaves the token. Is that
> right?
>
> I don't see any usage of CKM_CMS_SIG in the souce code but I see
> CKM_RSA_PKCS and CKF_SIGN (libkmf/lib/common/algorithm.c) for example, which
> leads me to the assumption that it works as expected.
>
> thanks, Jan.
>
>
KMF does use CKM_RSA_PKCS and CKF_SIGN, but whether or not those
operations stay on the token
is a function of the token and that token's PKCS#11 implementation, KMF
cannot enforce that feature.
-Wyllys
More information about the kmf-discuss
mailing list