On Friday 03 August 2007 22:00:15 Lars Silvén wrote: > My point > is just that signing keys on cards should be capable of signing with any > algorithm. Maybe someone states that a signing of a document has to be done > with MGF1 in order to be accepted as a legal. Then only new client SW is > needed. All issued cards could be kept.
that doesn't work for all cards. some cards do not allow raw rsa for signing keys, so you can only do one of the supported modes (pkcs#1 hasing of md5, sha1 or md5+sha1 hashes usually). from cards that support MGF1 I would expect they want the raw hash and do MGF1 themself too. does the swedish nidel card allow raw rsa on signing keys? that would be unusual. I agree we should add mgf1 support for cards that support it directly, as well for cards that support raw rsa. but it needs more than increasing buffer sizes here and there I guess, not 100% sure. btw with java: opensc-project.org also hosts opensc-java project :) Regards, Andreas _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
