Hi again, See below
Andreas Jellinghaus wrote: > On Friday 03 August 2007 22:00:15 Lars Silvén wrote: >> My point >> is just that signing keys on cards should be capable of signing with any >> algorithm. Maybe someone states that a signing of a document has to be done >> with MGF1 in order to be accepted as a legal. Then only new client SW is >> needed. All issued cards could be kept. > > that doesn't work for all cards. some cards do not allow raw rsa for signing > keys, so you can only do one of the supported modes (pkcs#1 hasing of md5, > sha1 or md5+sha1 hashes usually). from cards that support MGF1 I would expect > they want the raw hash and do MGF1 themself too. does the swedish nidel card > allow raw rsa on signing keys? that would be unusual. > > I agree we should add mgf1 support for cards that support it directly, as > well > for cards that support raw rsa. but it needs more than increasing buffer > sizes here and there I guess, not 100% sure. > I'm not saying that opensc should support MGF1. I was just arguing that it is a good idea to have card keys using "raw RSA". Then you may use any RSA signing algorithm. > btw with java: opensc-project.org also hosts opensc-java project :) I will have a look at that. > > Regards, Andreas > _______________________________________________ > opensc-devel mailing list > opensc-devel@lists.opensc-project.org > http://www.opensc-project.org/mailman/listinfo/opensc-devel Lars _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel