Hello,

On Tue, Oct 19, 2010 at 13:38, Martin Boßlet <martin.boss...@googlemail.com> wrote:
> I noticed that libp11 (and enginePkcs11, too) only allows to create
> signatures where the hash was computed in software. The PKCS#11 device
> will simply apply the signature algorithm, and the PKCS#1.5 padding is
> created manually. But many devices actually provide support for
> performing the whole procedure on the device (i.e. hashing, signature
> and padding). Some people even consider it a security risk if not the
> entire procedure takes place on the device (tbd). Regardless of that,
> wouldn't it be a nice addition to add support for this in both
> libraries?
> I'd be glad to help out myself, is it possible to contribute?

Of course [1]!

The reason why hashing is usually done on the host side is speed. Documents I usually sign are around 100K or even bigger and the smart card reader interface is not the fastest on earth.

Nevertheless, an implementation of on-card hashing would be a nice-to-have feature.

[1] http://www.opensc-project.org/opensc/wiki/GetInvolved
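
The host/token split discussed in this thread, as an added example (not code from libp11, engine_pkcs11 or either poster): it builds the PKCS#1 v1.5 DigestInfo and padding on the host and compares how many bytes must cross the reader interface for three standard PKCS#11 mechanisms. The function names, the SHA-1 default, the 2048-bit modulus and the 100K sample document are assumptions made for the illustration.

```python
import hashlib

# DER DigestInfo prefixes from RFC 8017, section 9.2
# (AlgorithmIdentifier plus OCTET STRING header, digest follows).
DIGEST_INFO_PREFIX = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}

def digest_info(document: bytes, hash_name: str = "sha1") -> bytes:
    """Hash on the host and wrap the digest in a DER DigestInfo."""
    return DIGEST_INFO_PREFIX[hash_name] + hashlib.new(hash_name, document).digest()

def emsa_pkcs1_v15(document: bytes, modulus_len: int, hash_name: str = "sha1") -> bytes:
    """Full PKCS#1 v1.5 signature block: 00 01 FF..FF 00 || DigestInfo."""
    t = digest_info(document, hash_name)
    pad_len = modulus_len - len(t) - 3
    if pad_len < 8:  # RFC 8017 requires at least 8 bytes of 0xFF
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * pad_len + b"\x00" + t

def token_input(document: bytes, mechanism: str, modulus_len: int = 256) -> bytes:
    """Bytes the host would hand to C_Sign for each mechanism (hypothetical helper)."""
    if mechanism == "CKM_RSA_X_509":      # raw RSA: host hashes and pads
        return emsa_pkcs1_v15(document, modulus_len)
    if mechanism == "CKM_RSA_PKCS":       # host hashes, token pads
        return digest_info(document)
    if mechanism == "CKM_SHA1_RSA_PKCS":  # token hashes and pads
        return document
    raise ValueError(f"unhandled mechanism: {mechanism}")

if __name__ == "__main__":
    document = b"A" * 100_000  # constructed 100K sample document
    for mech in ("CKM_RSA_X_509", "CKM_RSA_PKCS", "CKM_SHA1_RSA_PKCS"):
        print(f"{mech:18} {len(token_input(document, mech)):>7} bytes to the token")
```

With host-side hashing the token only ever sees a digest-sized input, so it signs whatever digest the host supplies; with the combined mechanism the whole document has to be transferred through the reader.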