Please note that for a PKCS#11 based application to use 'a' mechanism, both the
module(dll or equivalent) AND the card need to support that mechanism. You better get
the document of the module, and it will be clear.
Regarding your question on verification, yeah! I will not be surprised if the module
doesn't support verification even though the card 'may'. This is true for Gemplus
cards ;-) atleast. The module supports signing and 'no' verification, but the card(AS
IS) supports both. This is so, because verification is a non-sensitive operation, and
you can do it off-card.
Hope it helps.
----------
We can't all be heroes because somebody has to sit on the curb and clap as they go by.
- Will Rogers(1879-1935)
>-----Original Message-----
>From: Smita Ayyadevara [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, January 31, 2001 9:45 PM
>To: 'Mohammed SADIQ'
>Cc: [EMAIL PROTECTED]
>Subject: RE: [OCF] PKCS #11: Mechanism for C_DigestInit and
>C_VerifyInit
>
>
>Hi,
>
>The card do not support mechanism CKM_SHA_1, with which I am trying to
>generate hash. In this case how can I generate the hash of the data?
>
>But the card supports CKM_RSA_PKCS. I am using this mechanism
>for signing
>the data (which works fine), but when I use the same mechanism
>(CKM_RSA_PKCS) for verifying the signature, I get error
>CKR_MECHANISM_INVALID.
>
>Thank you,
>
>Smita
>
>-----Original Message-----
>From: Mohammed SADIQ [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, January 31, 2001 3:42 AM
>To: Smita Ayyadevara
>Cc: [EMAIL PROTECTED]
>Subject: RE: [OCF] PKCS #11: Mechanism for C_DigestInit and
>C_VerifyInit
>
>
>Check whether the mechanism is supported for that particular
>card. If you
>have the document like 'CryptoKI programming guide for the
>card', it will be
>specified there.
>
>----------
>Q: What is the difference between ignorance and apathy?
>A: "I don't know, and I don't care."
>
>>-----Original Message-----
>>From: Smita Ayyadevara [mailto:[EMAIL PROTECTED]]
>>Sent: Wednesday, January 31, 2001 1:39 AM
>>To: [EMAIL PROTECTED]
>>Cc: Smita Ayyadevara
>>Subject: [OCF] PKCS #11: Mechanism for C_DigestInit and C_VerifyInit
>>
>>
>>Hi,
>>
>>This query is not of OCF but of PKCS #11 standards.
>>I am using Cyberflex Access 00 cards and reflex 72 card
>>reader. I have two
>>questions, one for digest and other for verification of signature.
>>
>>1. I want to hash a piece of data with SHA1 algorithm using PKCS #11
>>cryptoki API. Following is the code I am using for initializing
>>message-digesting operation.
>>
>> CK_MECHANISM mechanism;
>> CK_RV status;
>>
>> mechanism.mechanism = CKM_SHA_1;
>> mechanism.pParameter = NULL_PTR;
>> mechanism.ulParameterLen = 0;
>> status = (*ckFunc->C_DigestInit)(hSession, &mechanism);
>>
>>I am getting CKR_MECHANISM_INVALID error in C_DigestInit.
>>I tried to use other mechanisms as well, but with all others
>>also the error
>>was same.
>>
>>Am I doing something wrong here or this card do not support digest
>>mechanism?
>>In this case how shall I get the digest of the data?
>>
>>2. I am using mechanism CKM_RSA_PKCS for initializing signing of data
>>(C_SignInit) and then signing the data in one step (C_Sign),
>>which works
>>fine. Now for verifying the signature I am using the same mechanism to
>>initialize verification (CKM_RSA_PKCS). At this step I am
>getting error
>>CKR_MECHANISM_INVALID.
>>Can anyone suggest me if I am wrong at any place, how can I verify the
>>signature?
>>
>>Thank you,
>>
>>Regards,
>>Smita
>>
>>
>>
>>---
>>> Visit the OpenCard web site at http://www.opencard.org/ for more
>>> information on OpenCard---binaries, source code, documents.
>>> This list is being archived at
>http://www.opencard.org/archive/opencard/
>
>! To unsubscribe from the [EMAIL PROTECTED] mailing list
>send an email
>! to
>! [EMAIL PROTECTED]
>! containing the word
>! unsubscribe
>! in the body.
>
>
>
>
>---
>> Visit the OpenCard web site at http://www.opencard.org/ for more
>> information on OpenCard---binaries, source code, documents.
>> This list is being archived at
http://www.opencard.org/archive/opencard/
! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email
! to
! [EMAIL PROTECTED]
! containing the word
! unsubscribe
! in the body.
---
> Visit the OpenCard web site at http://www.opencard.org/ for more
> information on OpenCard---binaries, source code, documents.
> This list is being archived at http://www.opencard.org/archive/opencard/
! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email
! to
! [EMAIL PROTECTED]
! containing the word
! unsubscribe
! in the body.
---
> Visit the OpenCard web site at http://www.opencard.org/ for more
> information on OpenCard---binaries, source code, documents.
> This list is being archived at http://www.opencard.org/archive/opencard/
! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email
! to
! [EMAIL PROTECTED]
! containing the word
! unsubscribe
! in the body.
