Giter VIP home page Giter VIP logo

Comments (6)

keldonin avatar keldonin commented on May 26, 2024 1

Just constants? Do you know which mechanisms this will affect? key pair generation/signature/verification, presumably? I can imagine, also, that another OID must be picked as signature algorithm, ( i.e. EdDSA instead of ECDSA).

python-pkcs11 is another project I have been contributing recently. I'm on the watchers list, I'll check your patch once you have published your PR, to gather the information.

Adding EdDSA as a distinct feature to develop, in my project plan.

Stay tuned.

from pkcs11-tools.

keldonin avatar keldonin commented on May 26, 2024 1

Support for PKCS#2.40 fixed in v1.1.0 (commit 2ab2172)

from pkcs11-tools.

keldonin avatar keldonin commented on May 26, 2024 1

Hi @nickray,

PKCS#11 3.0, OpenSSL 1.1.1 and Edwards curve is supported as of release v2.1.0.

Regards,

from pkcs11-tools.

keldonin avatar keldonin commented on May 26, 2024

Hi Nicolas,

Thank you for your interest. I am planning to work openssl 1.1 support before end of this year (i.e. before end of support of openssl 1.0).

Migrating to 1.1 is actually not straightforward; the reason is because many internal object/APIs of openssl have been obfuscated now, and I will need to change the method for signing a CSR using a PKCS#11 interface; I actually need to write a small openssl engine, inspired from OpenSC/libp11.

Support for EdDSA is a good idea, but this project isn't ready yet with 2.40. Support for v3 is likely to be disruptive, isn't it? I will need to have a look. Alternatively, if possible, we could cherry-pick support for EdDSA, assuming this could work under 2.X.

from pkcs11-tools.

nickray avatar nickray commented on May 26, 2024

Thanks for the quick response! Yes indeed openssl 1.1 is a bit disruptive isn't it; on the (non-enterprisey) distributions I use openssl 1.0 isn't even easily available anymore though.

Regards to 25519, from what I can tell it's "just" three new constants plus implementation to cherry-pick this back into 2.40; I'm working on a patch for python-pkcs11. As linked above, SoftHSMv2 added support in their version 2.5, so I assume it there aren't any compatibility issues - it's new functionality.

from pkcs11-tools.

keldonin avatar keldonin commented on May 26, 2024
  • Support for OpenSSL 1.1+ moved to issue #10
  • Support for EdDSA curves moved to issue #11

from pkcs11-tools.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.