DSA and ECDSA signature format is incompatible with XMLDSig
Maarten Bodewes
maarten.bodewes at xs4all.nl
Mon Jul 19 21:32:11 UTC 2010
Darn, that was a bit premature, I don't see how the PKCS#11 provider can
support this. Currently it only lists the SHA256withECDSA and such.
This would make it near impossible to directly perform XML signatures using
an HSM or software PKCS#11 lib.
I'm not sure what output is generated by PKCS#11 natively, but that does not
matter as the provider will certainly generate the DER encoded structure.
At a minimum I think that the algorithms should be included in the PKCS#11
provider, but it makes the argument for the new string less sound.
Regards,
Maarten
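
Added example, not part of the original message and not OpenJDK code: a conversion from the DER-encoded ECDSA-Sig-Value that `SHA256withECDSA` returns to the fixed-width r || s concatenation that XMLDSig puts in SignatureValue. The class and method names are hypothetical, and the sketch assumes a P-256 key (32-byte field) and the default software EC provider rather than a PKCS#11 token.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;

public class DerToXmlDsig {
    // Reads a DER length (short form, or long form up to 2 bytes) at pos[0].
    static int readLen(byte[] d, int[] pos) {
        int b = d[pos[0]++] & 0xff;
        if (b < 0x80) return b;
        int n = b & 0x7f, len = 0;
        if (n == 0 || n > 2) throw new IllegalArgumentException("bad DER length");
        for (int i = 0; i < n; i++) len = (len << 8) | (d[pos[0]++] & 0xff);
        return len;
    }

    // ECDSA-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER }  ->  r || s,
    // each left-padded with zeros to fieldLen bytes (32 for P-256).
    static byte[] derToRaw(byte[] der, int fieldLen) {
        int[] pos = {0};
        if (der[pos[0]++] != 0x30) throw new IllegalArgumentException("not a SEQUENCE");
        if (readLen(der, pos) != der.length - pos[0])
            throw new IllegalArgumentException("length mismatch");
        byte[] out = new byte[2 * fieldLen];
        for (int i = 0; i < 2; i++) {
            if (der[pos[0]++] != 0x02) throw new IllegalArgumentException("not an INTEGER");
            int len = readLen(der, pos);
            // toByteArray() may carry a leading 0x00 sign byte; it is skipped below.
            byte[] v = new BigInteger(1, Arrays.copyOfRange(der, pos[0], pos[0] + len)).toByteArray();
            pos[0] += len;
            int skip = (v.length > 1 && v[0] == 0) ? 1 : 0, n = v.length - skip;
            if (n > fieldLen) throw new IllegalArgumentException("integer too large for curve");
            System.arraycopy(v, skip, out, (i + 1) * fieldLen - n, n);
        }
        if (pos[0] != der.length) throw new IllegalArgumentException("trailing data");
        return out;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        Signature sig = Signature.getInstance("SHA256withECDSA");
        sig.initSign(kpg.generateKeyPair().getPrivate());
        sig.update("<SignedInfo/>".getBytes(StandardCharsets.UTF_8)); // constructed sample input
        byte[] der = sig.sign();        // variable length, typically 70-72 bytes
        byte[] raw = derToRaw(der, 32); // always 64 bytes
        System.out.println(der.length + " DER bytes -> " + raw.length + " raw bytes");
    }
}
```

The reverse conversion is needed before verifying an XMLDSig SignatureValue with a `Signature` instance that expects DER.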