Rodrigo Canellas wrote: > Hi! > > I was reading the documentation for MSCComputeCrypt in > muscle-api-1.3.0.pdf, page 30, and noticed that in the example the > inData is 512 bytes long. > > I understood that the MSCComputeCrypt should create the data hash, right? > > I also concluded this by looking at the log of the PKCS#11 MUSCLE module > loaded by Firefox, where we can read: > > " > 20/07 12:23:33 +C_SignInit : start > . > . > . > > 20/07 12:23:33 Sign object keyNum: 2 DataLen: 35 > . > . > . > " > > > So, the C_Sign function is receiving data buffer that should be hashed, > and later signed, right? > > > > My question is: is it possible to tell MSCComputeCrypt that the
MSCComputeCrypt never calculates a hash. This is done by the application or card. Signing documents and calculating the hash on the card lasts too long. The usual approach is to calculate the hash and only encrypt it, like you want to do. Give MSCComputeCrypt only a cipher not a signature algorithm, e.g DIR_ENCRYPT with the private RSA key used with PKCS#1. Karsten > pInputData is already a hash, and therefore it should only be signed? I > am worried about large data buffers that should be hashed by my plugin, > for later to be signed. > > > Thanks, > > > ______________________________________________ > Rodrigo Canellas > Analista de Sistemas > (21) 4501-1833 > www.certisign.com.br > Você ainda não possui uma identidade digital? > Obtenha aqui: www.ecpf.com.br > > _______________________________________________ > Muscle mailing list > [email protected] > http://lists.drizzle.com/mailman/listinfo/muscle _______________________________________________ Muscle mailing list [email protected] http://lists.drizzle.com/mailman/listinfo/muscle
