Wan-Teh Chang wrote: > As I pointed out above, the PKCS #11 token also handles verifying > RSA signatures. The only difference between the handling of RSA > and DSA/ECDSA signatures is when we call PK11_xxx and whether > we call PK11_VerifyRecover or PK11_Verify. (PK11_VerifyRecover > doesn't make sense for DSA/ECDSA.) It seems that we could call > PK11_Verify for RSA signatures, too.
As you know, there are some RSA signatures that don't have the DER-encoded hash algorithm OID in them. I seem to recall that some code in NSS is designed to work with those signatures also. I don't recall if that's relevant to this particular code path though. _______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
