
Re: 0.9rc1 Comment #2



Oh.  Thanks.

That would make it harder to FIPS-140 certify a chain using opensc
than a chain using openssl, wouldn't it?

On Jun 28, 2007, at 2:32 PM, Douglas E. Engert wrote:

> Henry B. Hotz wrote:
>> hxtool run against a prototype PIV card prints (in addition to  
>> lots of good stuff!):
>
> But none of these comes off the card, it comes from the
> opensc-pkcs11.so as the digests and padding are done in software.
> The PIV card only supports raw RSA.
>
> Other cards may support more on the card.
>
>>> number of supported mechanisms: 12
>>>   sha1: digest
>>>   unknown-mech-592: digest
>>>   unknown-mech-608: digest
>>>   unknown-mech-624: digest
>>>   md5: digest
>>>   ripemd-160: digest
>>>   rsa-x-509: unwrap, verify, sign, decrypt, hw
>>>   rsa-pkcs: unwrap, verify, sign, decrypt, hw
>>>   sha1-rsa-pkcs: verify, sign
>>>   md5-rsa-pkcs: verify, sign
>>>   ripemd160-rsa-pkcs: verify, sign
>>>   rsa-pkcs-key-pair-gen: genereate-key-pair
>> I don't know if it's easy to track down what those digest  
>> mechanisms are, or even if I should care.
>> ------------------------------------------------------------------------
>> The opinions expressed in this message are mine,
>> not those of Caltech, JPL, NASA, or the US Government.
>> Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu
>
> -- 
>
>  Douglas E. Engert  <DEEngert@anl.gov>
>  Argonne National Laboratory
>  9700 South Cass Avenue
>  Argonne, Illinois  60439
>  (630) 252-5444
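
An added example, not part of the original messages: a short Python parser for the mechanism listing quoted above that decodes the `unknown-mech-N` entries against the PKCS#11 `CKM_*` values (592, 608 and 624 are 0x250, 0x260 and 0x270, i.e. CKM_SHA256, CKM_SHA384 and CKM_SHA512) and separates the mechanisms carrying the `hw` flag from those without it. The function names are hypothetical, and it assumes the `hw` token printed by hxtool reflects the PKCS#11 `CKF_HW` flag.

```python
import re

# PKCS#11 mechanism type values (CKM_* constants) for the digest mechanisms.
CKM_NAMES = {0x210: "CKM_MD5", 0x220: "CKM_SHA_1", 0x240: "CKM_RIPEMD160",
             0x250: "CKM_SHA256", 0x260: "CKM_SHA384", 0x270: "CKM_SHA512"}

# Sample input: the listing as quoted in the thread, quote markers included.
SAMPLE = """\
>>> number of supported mechanisms: 12
>>>   sha1: digest
>>>   unknown-mech-592: digest
>>>   unknown-mech-608: digest
>>>   unknown-mech-624: digest
>>>   md5: digest
>>>   ripemd-160: digest
>>>   rsa-x-509: unwrap, verify, sign, decrypt, hw
>>>   rsa-pkcs: unwrap, verify, sign, decrypt, hw
>>>   sha1-rsa-pkcs: verify, sign
>>>   md5-rsa-pkcs: verify, sign
>>>   ripemd160-rsa-pkcs: verify, sign
>>>   rsa-pkcs-key-pair-gen: genereate-key-pair
"""

LINE = re.compile(r"^[>\s]*([\w-]+):\s*(.+)$")

def parse_mechanisms(text):
    """Map each mechanism name to its set of flags; skips the count line."""
    mechs = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            mechs[m.group(1)] = {f.strip() for f in m.group(2).split(",")}
    return mechs

def resolve(name):
    """Translate hxtool's unknown-mech-N placeholder to a CKM_* name."""
    m = re.fullmatch(r"unknown-mech-(\d+)", name)
    if not m:
        return name
    num = int(m.group(1))
    return CKM_NAMES.get(num, "unlisted mechanism 0x%x" % num)

def split_by_hw_flag(mechs):
    """Return (names flagged hw, names without the hw flag), both sorted."""
    hw = sorted(resolve(n) for n, f in mechs.items() if "hw" in f)
    sw = sorted(resolve(n) for n, f in mechs.items() if "hw" not in f)
    return hw, sw

if __name__ == "__main__":
    hw, sw = split_by_hw_flag(parse_mechanisms(SAMPLE))
    print("flagged hw:", hw)
    print("not flagged hw:", sw)
```

On the quoted listing only `rsa-pkcs` and `rsa-x-509` come back as `hw`; every digest and digest-with-RSA mechanism falls in the second list, matching the explanation that those are performed in `opensc-pkcs11.so`.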