OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11 message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [pkcs11] OAEP/PSS and SHA-2


Thanks. Yes, the mechanism parameters are my concern. For example does the 
token support SHA-2 for the mask generation function in OAEP or PSS? The only 
way to tell is to generate a key pair and call C_SignInit/C_DecryptInit with 
the value in question and see if it works.


-----Original Message-----
From: pkcs11@lists.oasis-open.org <pkcs11@lists.oasis-open.org> On Behalf Of 
Jakub Jelen
Sent: Tuesday, July 7, 2020 4:38 AM
To: Jonathan Schulze-Hewett <schulze-hewett@infoseccorp.com>; 
Subject: Re: [pkcs11] OAEP/PSS and SHA-2

On Mon, 2020-07-06 at 18:00 +0000, Jonathan Schulze-Hewett wrote:
> I can't find a way to query a token to see if it supports OAEP or PSS
> with SHA-2. Am I missing something or is this an item that we should
> look at addressing?

I see the following mechanism in version 2.4 [1] (and other SHA2


There are no corresponding mechanisms for OAEP. But as OAEP is encryption, the 
pre-hashing does not make sense.

On the other hand, if you talk about mechanism parameters, I do not think 
there is any discovery mechanism at this moment.


Jakub Jelen
Senior Software Engineer
Security Technologies
Red Hat, Inc.

To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:

Attachment: smime.p7s
Description: S/MIME cryptographic signature

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]