CA using Pkcs11NgCryptoToken (JackNJI11 provider) cannot be created with signing algorithm SHA512withRSAandMGF1.
Trying to do so gives the following error message:
Error: org.bouncycastle.operator.OperatorCreationException: cannot create signer: no such algorithm: SHA512 for provider JackNJI11
An eIDAS Appliance customer is planning to do a key ceremony for root CAs using this algorithm in August 2020.
Steps to reproduce:
- Generate, initialize and authorize keys in a crypto token of type Pkcs11NgCryptoToken
- Go to Create CA
- Select Signing Algorithm: SHA512withRSAandMGF1
- Select Crypto Token of type Pkcs11NgCryptoToken
Other MGF1 algorithms (SHA256, SHA384) have the same issue.
Other SHA512 algorithms give the following results:
- SHA512WithRSA: CA can be created
- SHA3-512withRSA: CA cannot be created; gives the following error:
  Error: org.bouncycastle.operator.OperatorCreationException: cannot create signer: no such algorithm: 2.16.822.214.171.124.4.3.16 for provider JackNJI11
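
A pre-ceremony check for the failure described above, as an added example that is not part of the original ticket or of EJBCA: it asks a JCA provider whether it resolves each signature algorithm name listed in the ticket. The class name `SignatureAlgorithmProbe` is hypothetical, and the code assumes the provider (default name `JackNJI11`, taken from the error message) is already registered in the JVM that runs it.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.util.List;
import java.util.TreeSet;

// Hypothetical diagnostic helper; not EJBCA code.
public class SignatureAlgorithmProbe {
    // Signature algorithm names exactly as they appear in the ticket.
    static final List<String> TICKET_ALGORITHMS = List.of(
            "SHA256withRSAandMGF1", "SHA384withRSAandMGF1", "SHA512withRSAandMGF1",
            "SHA512WithRSA", "SHA3-512withRSA");

    /** Returns true if the provider can instantiate a Signature for this name. */
    static boolean supports(Provider provider, String algorithm) {
        try {
            Signature.getInstance(algorithm, provider);
            return true;
        } catch (NoSuchAlgorithmException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Assumption: the provider is registered under this name in the current JVM.
        String name = args.length > 0 ? args[0] : "JackNJI11";
        Provider provider = Security.getProvider(name);
        if (provider == null) {
            System.err.println("Provider not registered in this JVM: " + name);
            System.exit(2);
        }
        for (String alg : TICKET_ALGORITHMS) {
            System.out.printf("%-22s %s%n", alg,
                    supports(provider, alg) ? "available" : "MISSING");
        }
        // List what the provider advertises, so a missing name can be compared
        // with the Signature and MessageDigest names it actually registers.
        TreeSet<String> advertised = new TreeSet<>();
        for (Provider.Service service : provider.getServices()) {
            String type = service.getType();
            if (type.equals("Signature") || type.equals("MessageDigest")) {
                advertised.add(type + "." + service.getAlgorithm());
            }
        }
        advertised.forEach(System.out::println);
    }
}
```

A name reported as available only shows that the provider registers it; the CA creation in the ticket fails inside a BouncyCastle operator (`OperatorCreationException`), so creating a test CA on a non-production token remains the definitive check.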