Bug 1701233 - [RFE] support setting supported signature methods on the token
Summary: [RFE] support setting supported signature methods on the token
Status: POST
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: softhsm
Version: 8.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: 8.0
Assignee: Alexander Bokovoy
QA Contact: Kaleem
Depends On:
Blocks: 1681006 1681045 1681178 1681274 1681278 1685470 1711438
TreeView+ depends on / blocked
Reported: 2019-04-18 12:54 UTC by Hubert Kario
Modified: 2019-05-17 19:41 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed:
Type: Bug

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Github opendnssec SoftHSMv2 pull 455 None None None 2019-04-18 12:55:45 UTC

Description Hubert Kario 2019-04-18 12:54:32 UTC
Description of problem:
It's not possible to create a PKCS#11 token that will support only specific RSA signature methods (e.g. only "RSA-PKCS#1 v1.5" or only "rsassa-pss", without raw RSA).

Additional info:
This is necessary to test fallback mechanism in TLS libraries, as RSA-PSS signatures are mandatory in TLS 1.3, but not all hardware PKCS#11 tokens support them.

Note You need to log in before you can comment on or make changes to this bug.