Hello Martin,
I'm sorry I didn't provide the patch yet. This was mainly because I
couldn't figure out why my device (Aladdin eToken PRO) behaved weirdly
as described. But it could be a driver-related problem. I attached the
code I have so far, maybe you could experiment with that and see
whether o
Hello Martin,
On Oct 26, 2010, at 11:31 PM, Martin Boßlet wrote:
> I implemented computation of the hash on-device, and it works fine except for
> one odd problem:
What happened to your implementation? Is it available somewhere? Do you have a
patch?
It feels an important and interesting devel
I implemented computation of the hash on-device, and it works fine except
for one odd problem:
I am using an Aladdin eToken for performing tests, and I call C_SignInit,
C_SignUpdate and finally C_SignFinal on the PKCS#11 level using mechanism
CKM_SHA1_RSA_PKCS for SHA-1 (similar for SHA-2 family).
I looked into the SHA-1specification and into PKCS#11 to see how I could
perform the last round of the hash on-device and came up with the following
approach:
If e.g. the last block of the message digest calculation should be computed
on-device and the previous blocks in software, then I would have
As mentioned, computing the last round of the hash on the device and
the previous rounds in software would be the perfect thing to have.
Is it ok if I try to implement this for libp11 and submit the solution
for review? If the solution is accepted I could then move on to
integrate this feature into
Ludovic Rousseau wrote:
> 2010/10/19 Martin Paljak :
>
>> Hello,
>>
>> On Tue, Oct 19, 2010 at 13:38, Martin Boßlet
>> wrote:
>>
>>> I noticed that libp11 (and enginePkcs11, too) only allows to create
>>> signatures where the hash was computed in software. The PKCS#11 device
>>> will simpl
2010/10/19 Martin Paljak :
> Hello,
>
> On Tue, Oct 19, 2010 at 13:38, Martin Boßlet
> wrote:
>> I noticed that libp11 (and enginePkcs11, too) only allows to create
>> signatures where the hash was computed in software. The PKCS#11 device
>> will simply apply the signature algorithm, and the PKCS#
Hello,
On Tue, Oct 19, 2010 at 13:38, Martin Boßlet
wrote:
> I noticed that libp11 (and enginePkcs11, too) only allows to create
> signatures where the hash was computed in software. The PKCS#11 device
> will simply apply the signature algorithm, and the PKCS#1.5 padding is
> created manually. Bu
Hello all,
I experimented with libp11 and enginePkcs11 lately for creating
signatures with smart cards.
I noticed that libp11 (and enginePkcs11, too) only allows to create
signatures where the hash was computed in software. The PKCS#11 device
will simply apply the signature algorithm, and the PKCS
