You can use my surname: Florent
And thanks again for your quick help!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1629370
Title:
PKINIT fails with PKCS#11 middlware that implements PKCS#1 V2.1
Thanks for the confirmation!
What name should I use for you in acknowledgments?
** Changed in: krb5 (Ubuntu)
Status: New => Confirmed
** Tags added: patch-accepted-upstream
--
The patch in https://github.com/krb5/krb5/pull/550 works well for me!
Thanks
--
Also there's a proposed patch in https://github.com/krb5/krb5/pull/550
if you would be interested in testing that out.
--
That is one possible workaround, but I don't have an easy way to test
this.
--
Thanks for this.
So maybe I could try recompiling with the flag PKINIT_USE_MECH_LIST?
--
Thanks. It seems that omitting the NULL would produce signatures that
don't interoperate (or would require additional code complexity in the
signature verifier). With default compilation options,
pkinit_crypto_openssl.c forces PKCS11 tokens to use CKM_RSA_PKCS, so
it's unlikely that this code
Sorry, I was referring to PKCS#1 v2.2
See https://www.emc.com/collateral/white-papers/h11300-pkcs-1v2-2-rsa-cryptography-standard-wp.pdf
Page 49, B.1
Exception: When formatting the DigestInfoValue in EMSA-PKCS1-v1_5 (see 9.2), the
parameters field associated with id-sha1, id-sha512/224,
RFC 3447 seems somewhat ambiguous about whether the AlgorithmIdentifier
parameters (which consist of an ASN.1 NULL, DER-encoded as 05 00) must
be present in various situations. Cross-checking with various CMS RFCs
suggests that they are required when using EMSA-PKCS1-v1_5.
cms_signeddata_create()
I've forwarded this to upstream krbdev.mit.edu #8506
I don't know if this is pkcs 11 2.10 specific or specific to the backend in
question, but it's worth having upstream take a look.
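
The encoding difference discussed in this thread, as an added example that is not part of the original messages or of krb5: it builds the EMSA-PKCS1-v1_5 block with and without the `05 00` NULL parameters and shows why a verifier that re-encodes and compares rejects the variant without them. SHA-256 and the function names are assumptions made for illustration; the RSA operation itself is left out.

```python
import hashlib

# DER encoding of the OID id-sha256 (2.16.840.1.101.3.4.2.1); SHA-256 is an assumed choice
OID_SHA256 = bytes.fromhex("0609608648016503040201")
DER_NULL = bytes.fromhex("0500")  # ASN.1 NULL, the AlgorithmIdentifier parameters


def der(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV; short-form length is enough for a DigestInfo."""
    if len(content) >= 0x80:
        raise ValueError("long-form DER length not handled here")
    return bytes([tag, len(content)]) + content


def digest_info(message: bytes, with_null: bool = True) -> bytes:
    """DigestInfo ::= SEQUENCE { AlgorithmIdentifier, OCTET STRING digest }."""
    params = DER_NULL if with_null else b""
    alg_id = der(0x30, OID_SHA256 + params)
    return der(0x30, alg_id + der(0x04, hashlib.sha256(message).digest()))


def emsa_pkcs1_v1_5(message: bytes, em_len: int, with_null: bool = True) -> bytes:
    """EM = 0x00 || 0x01 || PS (0xFF bytes) || 0x00 || DigestInfo (RFC 3447, 9.2)."""
    t = digest_info(message, with_null)
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def verify_encoded(em: bytes, message: bytes, accept_absent_params: bool = False) -> bool:
    """Verifier side: re-encode the message and compare with the recovered block.

    em is the block obtained from the signature by the RSA public-key operation.
    accept_absent_params is the extra verifier complexity mentioned in the thread.
    """
    candidates = [emsa_pkcs1_v1_5(message, len(em), with_null=True)]
    if accept_absent_params:
        candidates.append(emsa_pkcs1_v1_5(message, len(em), with_null=False))
    return em in candidates


if __name__ == "__main__":
    msg = b"constructed sample message"
    print("with NULL   :", digest_info(msg, True).hex())
    print("without NULL:", digest_info(msg, False).hex())
    token_em = emsa_pkcs1_v1_5(msg, 256, with_null=False)  # signer that omits the NULL
    print("strict verifier accepts  :", verify_encoded(token_em, msg))
    print("tolerant verifier accepts:", verify_encoded(token_em, msg, True))
```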