Hello all, I experimented with libp11 and enginePkcs11 lately for creating signatures with smart cards. I noticed that libp11 (and enginePkcs11, too) only allows to create signatures where the hash was computed in software. The PKCS#11 device will simply apply the signature algorithm, and the PKCS#1.5 padding is created manually. But many devices actually provide support for performing the whole procedure on the device (i.e. hashing, signature and padding). Some people even consider it a security risk if not the entire procedure takes place on the device (tbd). Regardless of that, wouldn't it be a nice addition to add support for this in both libraries? I'd be glad to help out myself, is it possible to contribute?
Best regards, Martin Boßlet _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
