Hi David, On 23 February 2016 at 11:55, David Howells <dhowells@xxxxxxxxxx> wrote: > Andrew Zaborowski <balrogg@xxxxxxxxxxxxxx> wrote: > >> AIUI Tadeusz is proposing adding the hashing as a new feature. Note >> though that the hash paremeter won't make sense for the encrypt, >> decrypt or verify operations. > > The hash parameter is necessary for the verify operation. From my > perspective, I want a verify operation that takes the signature, the message > hash and the hash name and gives me back an error code. >From the certificates point of view yes, but the akcipher API only has the four operations each of which has one input buffer and out output buffer. Without overhauling akcipher you could modify pkcs1pad so that sign takes the hash as input, adds the DER struct in front of it to build the signature, and the verify operation could at most check that the DER string matches the hash type and return the hash. But I think RFC2437 suggests that you rather compare the signatures, not the hashes. Cheers -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html