Details

    • Type: New Feature
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:

      Description

      Since ECA-6212 we support SHA3 integration with soft crypto tokens. However, SHA3 integration with HSMs is not yet supported.

      For example, if you try to sign a root CA with SHA3-256withRSA as signature algorithm and a PKCS11 crypto token (using e.g. SoftHSM) you get an error like "algorithm <some OID> not supported".

      According to Lars Silvén you can hash the data outside the HSM and then send it via the PKCS11 API to the HSM for padding and signing, which would allow for SHA3-support even when an HSM is used.

      This should be investigated and implemented.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                bastianf Bastian Fredriksson
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated: