Comments (6)
Just constants? Do you know which mechanisms this will affect? key pair generation/signature/verification, presumably? I can imagine, also, that another OID must be picked as signature algorithm, ( i.e. EdDSA instead of ECDSA).
python-pkcs11 is another project I have been contributing recently. I'm on the watchers list, I'll check your patch once you have published your PR, to gather the information.
Adding EdDSA as a distinct feature to develop, in my project plan.
Stay tuned.
from pkcs11-tools.
Support for PKCS#2.40 fixed in v1.1.0 (commit 2ab2172)
from pkcs11-tools.
Hi @nickray,
PKCS#11 3.0, OpenSSL 1.1.1 and Edwards curve is supported as of release v2.1.0.
Regards,
from pkcs11-tools.
Hi Nicolas,
Thank you for your interest. I am planning to work openssl 1.1 support before end of this year (i.e. before end of support of openssl 1.0).
Migrating to 1.1 is actually not straightforward; the reason is because many internal object/APIs of openssl have been obfuscated now, and I will need to change the method for signing a CSR using a PKCS#11 interface; I actually need to write a small openssl engine, inspired from OpenSC/libp11.
Support for EdDSA is a good idea, but this project isn't ready yet with 2.40. Support for v3 is likely to be disruptive, isn't it? I will need to have a look. Alternatively, if possible, we could cherry-pick support for EdDSA, assuming this could work under 2.X.
from pkcs11-tools.
Thanks for the quick response! Yes indeed openssl 1.1 is a bit disruptive isn't it; on the (non-enterprisey) distributions I use openssl 1.0 isn't even easily available anymore though.
Regards to 25519, from what I can tell it's "just" three new constants plus implementation to cherry-pick this back into 2.40; I'm working on a patch for python-pkcs11. As linked above, SoftHSMv2 added support in their version 2.5, so I assume it there aren't any compatibility issues - it's new functionality.
from pkcs11-tools.
from pkcs11-tools.
Related Issues (20)
- "configure.ac:47: error: possibly undefined macro: AC_MSG_WARN" on CentOS 7.8 HOT 5
- Compilation failed HOT 5
- rpmbuild: fails because of missing pkcs11_ossl.h in the tar.gz and INSTALL.md has a typo HOT 2
- Issue when autoreconf -vfi is run from bootstrap.sh HOT 1
- C_WrapKey using AES key to wrap ED448 and ED25519 fails for CKM_AES_KEY_WRAP_PAD with CKR_KEY_NOT_WRAPPABLE HOT 2
- p11mkcert Make failed HOT 3
- bootstrapping failed. HOT 2
- Some wrong names for hashes and MGF in the manual HOT 4
- (Help, please) no way to build the source code on Ubuntu 20... HOT 7
- issues with eddsa after keygen HOT 9
- p11keygen ignores some of unknown argument HOT 2
- build failure on Linux HOT 9
- ubuntu 22.04 Compilation error HOT 2
- bootstrap error Ubuntu 22.04 HOT 3
- AES support HOT 1
- p11req -X option results in malloc failure HOT 3
- Failing compilation on Ubuntu 22.04 HOT 3
- memory leak found with commands p11req and p11mkcert
- invalid mechanisms reported by p11slotinfo, on MIPS/Linux platform
- Support for more MACing options with `p11kcv`
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pkcs11-tools.