Hi Markku,
Yeah. We had a conversation about this on the OpenPGP mailing list and David A.
Cooper from NIST (although speaking for himself)
[clarified](https://mailarchive.ietf.org/arch/msg/openpgp/5OJLFcUB3i7Y9y6ji7xPcdLav5U/),
similarly to what you said:
> I do not think of HashML-DSA.Sign as being a case in which the hashing
> of the message occurs at the application level. I think of the way that
> signing works with my smart card (or an HSM) now. If my application
> wants to sign a message (using RSA or ECDSA), calls a sign function of
> the cryptographic library. The library sends the message to a software
> cryptographic module (that is probably statically or dynamically linked
> to the cryptographic library), applies any necessary padding to the
> hash, and then sends the result to the smart card (or HSM), which
> performs the private key operation. I would expect something similar
> with ML-DSA. The application just asks for a message to be signed. The
> cryptographic library handles the details of how to do that, which may
> involve sending different commands to different cryptographic modules.
Best,
Daniel
_______________________________________________
jose mailing list -- [email protected]
To unsubscribe send an email to [email protected]
