[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 0.9rc1 Comment #2

To: heimdal-discuss@sics.se, "Douglas E. Engert" <deengert@anl.gov>
Subject: Re: 0.9rc1 Comment #2
From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
Date: Thu, 28 Jun 2007 15:21:46 -0700
In-Reply-To: <468428D3.8050308@anl.gov>
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
References: <E9871383-583F-4CAA-BA4E-D5E61323EC51@jpl.nasa.gov> <468428D3.8050308@anl.gov>
Reply-To: heimdal-discuss@sics.se, "Henry B. Hotz" <hotz@jpl.nasa.gov>

Oh.  Thanks.

That would make it harder to FIPS-140 certify a chain using opensc  
than a chain using openssl wouldn't it?

On Jun 28, 2007, at 2:32 PM, Douglas E. Engert wrote:

> Henry B. Hotz wrote:
>> hxtool run against a prototype PIV card prints (in addition to  
>> lots of good stuff!):
>
> But none of these comes off the card, it comes from the opensc- 
> pkcs11.so
> as the digests and padding are done in software, The PIV card only
> supports raw RSA.
>
> Other cards may support more on the card.
>
>>> number of supported mechanisms: 12
>>>   sha1: digest
>>>   unknown-mech-592: digest
>>>   unknown-mech-608: digest
>>>   unknown-mech-624: digest
>>>   md5: digest
>>>   ripemd-160: digest
>>>   rsa-x-509: unwrap, verify, sign, decrypt, hw
>>>   rsa-pkcs: unwrap, verify, sign, decrypt, hw
>>>   sha1-rsa-pkcs: verify, sign
>>>   md5-rsa-pkcs: verify, sign
>>>   ripemd160-rsa-pkcs: verify, sign
>>>   rsa-pkcs-key-pair-gen: genereate-key-pair
>> I don't know if it's easy to track down what those digest  
>> mechanisms are, or even if I should care.
>> --------------------------------------------------------------------- 
>> ---
>> The opinions expressed in this message are mine,
>> not those of Caltech, JPL, NASA, or the US Government.
>> Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu
>
> -- 
>
>  Douglas E. Engert  <DEEngert@anl.gov>
>  Argonne National Laboratory
>  9700 South Cass Avenue
>  Argonne, Illinois  60439
>  (630) 252-5444

References:
- 0.9rc1 Comment #2
  - From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
- Re: 0.9rc1 Comment #2
  - From: "Douglas E. Engert" <deengert@anl.gov>

Prev by Date: Re: Why is the server using DES but not RC4?
Next by Date: Re: Why is the server using DES but not RC4?
Prev by thread: Re: 0.9rc1 Comment #2
Index(es):
- Date
- Thread