On Sat, Sep 21, 2024 at 02:36:46AM +0200, Steffen Nurpmeso wrote:

> I used to support the following digests for S/MIME:
>
> .Ql BLAKE2b512 ,
> .Ql BLAKE2s256 ,
> .Ql SHA3-512 ,
> .Ql SHA3-384 ,
> .Ql SHA3-256 ,
> .Ql SHA3-224 ,
> as well as the widely available
> .Ql SHA512 ,
> .Ql SHA384 ,
> .Ql SHA256 ,
> .Ql SHA224 ,
> and the proposed insecure
> .Ql SHA1 ,
> finally
> .Ql MD5 .

Is this for signing with RSA keys? See the implementations of
ossl_digest_rsa_sign_get_md_nid() and ossl_digest_get_approved_nid()
which do not include Blake2 digests among those supported as an
RSAwith<digest> variant.

> And i must be very much mistaken (on this specific topic, i know, i
> know, in general i am anyway) if it worked to use Blake2 in the past,
> but today i get (with 3.3.2)
>
> reproducible_build: Error finalizing the PKCS#7 signing object: error:1C8000AE:Provider routines::digest not allowed
> reproducible_build: ... message not sent
>
> Now i wonder why, but furthermore would like to know whether there
> is a place where it is written which digests are allowed, and
> which not.

A cursory search suggests that perhaps standardisation of RSA with
Blake2 fizzled out:

    https://datatracker.ietf.org/doc/draft-wconner-blake2sigs/history/

but I could be mistaken.

--
Viktor.
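
Added example, not part of the original message or of OpenSSL: a probe that asks the locally installed `openssl` which of the digests listed in the thread it accepts for RSA signing. It assumes the `openssl` command is on the PATH, uses a throwaway key and a constructed message, and exercises plain RSA signing through `openssl dgst -sign`, not the PKCS#7 path from the thread; the function name is hypothetical.

```shell
#!/bin/sh
# Digest names taken from the list quoted in the thread.
DIGESTS="blake2b512 blake2s256 sha3-512 sha3-384 sha3-256 sha3-224 sha512 sha384 sha256 sha224 sha1 md5"

# probe_rsa_digests (hypothetical helper): prints one line per digest,
# "<digest> ok" or "<digest> rejected: <last line of the openssl error>".
probe_rsa_digests() {
    tmp=$(mktemp -d) || return 1

    # Throwaway RSA key, generated here and deleted at the end.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$tmp/key.pem" 2>/dev/null || { rm -rf "$tmp"; return 1; }

    # Constructed sample input to sign.
    printf 'constructed sample message\n' > "$tmp/msg.txt"

    for d in $DIGESTS; do
        if openssl dgst "-$d" -sign "$tmp/key.pem" \
               -out "$tmp/sig.bin" "$tmp/msg.txt" 2>"$tmp/err.txt"; then
            echo "$d ok"
        else
            # Keep the final error line so the reason is visible per digest.
            echo "$d rejected: $(tail -n 1 "$tmp/err.txt")"
        fi
    done

    rm -rf "$tmp"
}

# Results depend on the OpenSSL version and the loaded providers,
# so print the version next to them.
openssl version
probe_rsa_digests
```

The output is specific to the installed build, so compare runs only together with the printed version line.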