I am trying to understand the behavior of the CoolKey PKCS11 library
when I try to sign some data.
I am trying to use the CKM_SHA1_RSA_PKCS signature mechanism. I call
C_SignInit() with that mechanism specified and C_SignInit() returns
successfully. When I sign data with C_Sign(), it also returns
successfully, but the data was signed using the CKM_RSA_PKCS
mechanism instead of the CKM_SHA1_RSA_PKSC mechanism.
A quick look through the code, and it appears that the mechanism
specified in C_SignInit() is completely ignored and everything is
assumed to be CKM_RSA_PKCS. No errors are returned that would
indicate that the desired mechanism is not supported. I have tried
requesting several other signing mechanisms and they all return
successfully with a CKM_RSA_PKCS signature.
It also appears that the mechanism list in CoolKey is hard-coded to
contain CKM_RSA_PKCS only, regardless of the capabilities of the
token itself.
Can additional signature algorithms (mechanisms) be added to CoolKey
(specifically the RSA-based ones)? Can an appropriate error message
be returned for unsupported mechanisms?
Thanks!
-Ken Renard
_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel
