Darn, that was a bit premature, I don't see how the PKCS#11 provider can support this. Currently it only lists the SHA256withECDSA and such.
This would make it near impossible to directly perform XML signatures using a HSM or software PKCS#11 lib. I'm not sure what output is generated by PKCS#11 natively, but that does not matter as the provider will certainly generate the DER encoded structure. At a minimum I think that the algorithms should be included in the PKCS#11 provider, but it makes the argument for the new string less sound. Regards, Maarten
