Damiano ALBANI wrote:
> Hello,
> Is it possible with PKCS#11 to ask a token to calculate a HMAC using a private/secret key stored inside?

Are you trying to force the card to do the HMAC, because you don't trust the software to do it? Like trying to enforce some policy that hashes must be done on the card? Or are you willing to let the PKCS#11 software do the hash? In PKCS#11 terms use a mech like CKM_SHA1_RSA_PKCS or CKM_MD5_RSA_PKCS?

If you don't trust the software and are trying to make sure the card did the hash too, then your card should not expose CKM_RSA_PKCS or CKM_RSA_X_509, otherwise the software could bypass your policy and do the hash in software and send the hash to the card with CKM_RSA_PKCS to be signed.

Since sending large amounts of data to the card to hash can be very time-consuming, it is usually done in software, and the hash sent to the card to be signed.

> What are the products on the market with this capability? With the addition of HMAC support to JavaCard 2.2.2, I supposed this must be technically possible on JavaCards -- provided there exists JC 2.2.2 compatible products though...
> Cheers,
--
Douglas E. Engert
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444

opensc-devel mailing list
http://www.opensc-project.org/mailman/listinfo/opensc-devel
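Added example, not part of the original message or of OpenSC: a simulated token showing the point made in the reply above, that a CKM_RSA_PKCS signature over a software-computed SHA-1 DigestInfo is byte-identical to a CKM_SHA1_RSA_PKCS signature, so a hash-on-card policy only holds when the raw RSA mechanisms are not exposed. The `SimulatedToken` class, the helper names and the toy RSA key are assumptions constructed for illustration.

```python
import hashlib

# Constructed toy RSA key from two Mersenne primes; illustration only, not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

# DER DigestInfo header for SHA-1, as used by PKCS#1 v1.5 signatures.
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")


class SimulatedToken:
    """Hypothetical stand-in for a card; the private exponent stays inside it."""

    def __init__(self, mechanisms):
        self.mechanisms = set(mechanisms)

    def _pad_and_sign(self, t):
        # PKCS#1 v1.5 type 1 padding, then the private-key operation.
        em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
        return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")

    def sign(self, mechanism, data):
        if mechanism not in self.mechanisms:
            raise ValueError("CKR_MECHANISM_INVALID")
        if mechanism == "CKM_SHA1_RSA_PKCS":  # card hashes the data itself
            data = SHA1_DIGESTINFO + hashlib.sha1(data).digest()
        elif mechanism != "CKM_RSA_PKCS":     # only two mechanisms are simulated
            raise NotImplementedError(mechanism)
        return self._pad_and_sign(data)       # CKM_RSA_PKCS signs what it is handed


def host_hashed_signature(token, message):
    """Hash in software, then ask the card for a raw PKCS#1 v1.5 signature."""
    digest_info = SHA1_DIGESTINFO + hashlib.sha1(message).digest()
    return token.sign("CKM_RSA_PKCS", digest_info)


def hash_on_card_enforced(token):
    """Policy check from the reply: no raw RSA mechanism may be exposed."""
    return not (token.mechanisms & {"CKM_RSA_PKCS", "CKM_RSA_X_509"})


if __name__ == "__main__":
    msg = b"constructed sample message"
    open_card = SimulatedToken({"CKM_SHA1_RSA_PKCS", "CKM_RSA_PKCS"})
    locked_card = SimulatedToken({"CKM_SHA1_RSA_PKCS"})
    same = host_hashed_signature(open_card, msg) == open_card.sign("CKM_SHA1_RSA_PKCS", msg)
    print("signatures identical:", same)
    print("policy holds:", hash_on_card_enforced(open_card), hash_on_card_enforced(locked_card))
```

On a real token the equivalent check is to read the mechanism list the card reports and confirm that neither CKM_RSA_PKCS nor CKM_RSA_X_509 appears for the key in question.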
