Re: How to override methods in EVP_PKEY_METHOD structure that is attached to a EVP_PKEY_CTX?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Jakob,

Am 17.02.17 um 18:43 schrieb Jakob Bohm:
...
Some token keys on some tokens (think e-mail decryption private keys or
TLS server private keys) intentionally support decryption of a wrapped
symmetric key via PKCS#11 mechanisms such as the one from PKCS1v1.5 or
OAEP.

The precise set of such public key operations available is given by the set
of "mechanisms" enumerated by the pkcs11 driver for the individual token.

One of the defined mechanisms (the one confusingly named "X509") appears to
actually be the raw RSA operation, thus allowing it to be repurposed to
implement any RSA scheme (such as PSS, or SHA-256 signatures) that might
be missing on the token iteself.  But this obviously only works for those
tokens that allow this, which varies by token model, token configuration
and PKCS11-driver version.

This obviously isn't possible for all tokens, and thus in general doesn't
solve your original problem for those tokens that support PSS signatures
natively, but not the raw RSA operation.  But it can be helpful for those
tokens that do support the raw RSA operation and expose this ability
through
their PKCS#11 drivers.

thank you for the explanation about the CKM_RSA_X_509 mechanism. I was not aware of its meaning, and I will study it in more detail. The tokens that I have access to do provide this mechanism, so I can experiment with it.

Regarding my original question, does anybody have comments whether and if so how it is possible to override methods in a EVP_PKEY_METHOD structure?

Thank you.

--
Stephan
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux