DSA and ECDSA signature format is incompatible with XMLDSig
maarten.bodewes at xs4all.nl
Mon Jul 19 14:32:11 PDT 2010
Darn, that was a bit premature, I don't see how the PKCS#11 provider can
support this. Currently it only lists the SHA256withECDSA and such.
This would make it near impossible to directly perform XML signatures using
a HSM or software PKCS#11 lib.
I'm not sure what output is generated by PKCS#11 natively, but that does not
matter as the provider will certainly generate the DER encoded structure.
At a minimum I think that the algorithms should be included in the PKCS#11
provider, but it makes the argument for the new string less sound.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the security-dev