DSA and ECDSA signature format is incompatible with XMLDSig

Maarten Bodewes maarten.bodewes at xs4all.nl
Mon Jul 19 14:32:11 PDT 2010


Darn, that was a bit premature, I don't see how the PKCS#11 provider can
support this. Currently it only lists the SHA256withECDSA and such.

This would make it near impossible to directly perform XML signatures using
an HSM or software PKCS#11 lib.

I'm not sure what output is generated by PKCS#11 natively, but that does not
matter as the provider will certainly generate the DER encoded structure.

At a minimum I think that the algorithms should be included in the PKCS#11
provider, but it makes the argument for the new string less sound.

Regards,
Maarten
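
Added example, not part of the original message and not OpenJDK code: when a provider only offers SHA256withECDSA and returns the DER-encoded structure, the caller can re-encode it into the fixed-width r || s octet string that XMLDSig uses for an ECDSA SignatureValue. The class and method names are hypothetical, and the curve (secp256r1) and the signed input are constructed for the demonstration.

```java
import java.security.*;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;

public class DerToXmlDsig {
    /** DER SEQUENCE { INTEGER r, INTEGER s } -> r || s, each left-padded to n octets. */
    static byte[] derToConcat(byte[] der, int n) {
        int[] pos = {0};
        if (der[pos[0]++] != 0x30) throw new IllegalArgumentException("not a SEQUENCE");
        if (readLen(der, pos) != der.length - pos[0])
            throw new IllegalArgumentException("bad SEQUENCE length");
        byte[] out = new byte[2 * n];
        copyInt(der, pos, out, 0, n);   // r
        copyInt(der, pos, out, n, n);   // s
        if (pos[0] != der.length) throw new IllegalArgumentException("trailing bytes");
        return out;
    }

    static int readLen(byte[] b, int[] pos) {
        int first = b[pos[0]++] & 0xff;
        if (first < 0x80) return first;            // short form
        int count = first & 0x7f;                  // long form: number of length octets
        if (count == 0 || count > 2) throw new IllegalArgumentException("bad length");
        int len = 0;
        for (int i = 0; i < count; i++) len = (len << 8) | (b[pos[0]++] & 0xff);
        return len;
    }

    static void copyInt(byte[] der, int[] pos, byte[] out, int off, int n) {
        if (der[pos[0]++] != 0x02) throw new IllegalArgumentException("not an INTEGER");
        int len = readLen(der, pos), start = pos[0];
        pos[0] += len;
        if (len == 0 || pos[0] > der.length || (der[start] & 0x80) != 0)
            throw new IllegalArgumentException("bad INTEGER");
        while (len > 1 && der[start] == 0) { start++; len--; }  // drop DER sign padding
        if (len > n) throw new IllegalArgumentException("INTEGER wider than field");
        System.arraycopy(der, start, out, off + n - len, len);  // left-pad with zeros
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));   // assumed curve
        KeyPair kp = kpg.generateKeyPair();
        Signature sig = Signature.getInstance("SHA256withECDSA");
        sig.initSign(kp.getPrivate());
        sig.update("constructed sample input".getBytes("UTF-8"));
        byte[] der = sig.sign();
        int n = (((ECPublicKey) kp.getPublic()).getParams().getOrder().bitLength() + 7) / 8;
        System.out.println(der.length + " DER octets -> " + derToConcat(der, n).length);
    }
}
```

The DER length varies from signature to signature because of INTEGER sign padding and leading zeros, while the converted value is always 2n octets.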