PKSC11 Mechanisms for signing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


I am trying to understand the behavior of the CoolKey PKCS11 library when I try to sign some data.

I am trying to use the CKM_SHA1_RSA_PKCS signature mechanism. I call C_SignInit() with that mechanism specified and C_SignInit() returns successfully. When I sign data with C_Sign(), it also returns successfully, but the data was signed using the CKM_RSA_PKCS mechanism instead of the CKM_SHA1_RSA_PKSC mechanism.

A quick look through the code, and it appears that the mechanism specified in C_SignInit() is completely ignored and everything is assumed to be CKM_RSA_PKCS. No errors are returned that would indicate that the desired mechanism is not supported. I have tried requesting several other signing mechanisms and they all return successfully with a CKM_RSA_PKCS signature.

It also appears that the mechanism list in CoolKey is hard-coded to contain CKM_RSA_PKCS only, regardless of the capabilities of the token itself.

Can additional signature algorithms (mechanisms) be added to CoolKey (specifically the RSA-based ones)? Can an appropriate error message be returned for unsupported mechanisms?


-Ken Renard

Coolkey-devel mailing list

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Women]

  Powered by Linux