On Thu, Aug 3, 2017 at 5:52 PM, Sébastien HAVAS <[email protected]> wrote: > Hello, > > I'm trying to generate a CSR via a RSA key pair on a HSM (ATOS BULL > Proteccio). > Due to a law, multiple constraints have been applied to the HSM, including > the deactivation of the CKM_RSA_PKCS signature algorithm. > As such, when I invoke the following command with certtool (version 3.5.8), > it fails at the end because it wanted to sign the CSR with the private key > with the CKM_RSA_PKCS algorithm. [...] > Is there a parameter to tell certtool to instead use the CKM_RSA_PKCS_PSS > (authorized) algorithm for signing the CSR, either via the command line or > via a template file ?
There is no support for RSA-PSS in gnutls. Its inclusion in only planned for 3.6.0: https://gitlab.com/gnutls/gnutls/milestones/10 regards, Nikos _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
