Good morning,
I've met a problem while using the method SignInit of NCryptoki, in the HSM used:
1 - When the signature mode CKM_RSA_PKCS of the HSM is allowed, the method SignInit can use the SHA1_RSA_PKCS mechanism.
2 - But if I disallow the signature mode CKM_RSA_PKCS of the HSM, I can't use the SHA1_RSA_PKCS mechanism.
3 - The signature modes allowed in the HSM are:
- CKM_SHA_256_HMAC
- CKM_SHA_384_HMAC
- CKM_SHA_512_HMAC
- CKM_RSA_PKCS_PSS
- CKM_ECDSA
Does an equivalent exist in Cryptoki for those modes?
Best Regards
Hi,
First of all, NCryptoki is a wrapper to the underlying PKCS#11 module related to your HSM. It simply passes the function calls to the HSM as is, without doing anything else. You should read the PKCS#11 specifications to understand the ways to call your HSM (see our wiki: http://wiki.ncryptoki.com).
Then, if you disable CKM_RSA_PKCS, you are disabling RSA algorithm in the HSM, so all other mechanisms related to RSA, such as SHA1_RSA_PKCS, will not work.
Finally, NCryptoki fully supports the PKCS#11 specifications. All the mechanisms (also the ones you mentioned) are declared in the class Mechanism (see the API doc: http://www.ncryptoki.com/api-documentation.aspx).
Thank you for your answer.
We voluntarily disabled CKM_RSA_PKCS and we want to use the enabled CKM_RSA_PKCS_PSS.
But we can't find any mechanism which matches it.
Also, I'm not able to view your link: can't show the content of cryptware.com.
We are currently having some issues with the server cryptware.com. I hope to have all solved in half an hour.
Anyway you can download the API doc from this link: http://www.ncryptoki.com/SharedFiles/Download.aspx?pageid=7&mid=17&fileid=5
I have just seen that the mechanism CKM_RSA_PKCS_PSS is not in the Mechanism class. Let's prepare a new version with the missing algo.
That is brilliant!
Thank you for your support.
Instead of adding a new mechanism, is there any equivalent in NCryptoki for those:
?
In the class Mechanism, in the current version, you have the following definitions:
public const int CKM_SHA256 = 0x00000250;
public const int CKM_SHA256_HMAC = 0x00000251;
public const int CKM_SHA256_HMAC_GENERAL = 0x00000252;
public const int CKM_SHA384 = 0x00000260;
public const int CKM_SHA384_HMAC = 0x00000261;
public const int CKM_SHA384_HMAC_GENERAL = 0x00000262;
public const int CKM_SHA512 = 0x00000270;
public const int CKM_SHA512_HMAC = 0x00000271;
public const int CKM_SHA512_HMAC_GENERAL = 0x00000272;
Actually, in the Mechanism class there are all the mechanisms defined in the PKCS#11 2.20 specifications.
To use the CKM_RSA_PKCS_PSS mechanism you don't need a new version. You can use this code:
Mechanism mechanism = new Mechanism(Mechanism.CKM_RSA_PKCS_PSS, param);
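
An added illustration for the CKM_RSA_PKCS_PSS answer above (not part of the thread and not NCryptoki code): what the mechanism parameter has to contain at the PKCS#11 level, and what gets passed to the sign call when moving from SHA1_RSA_PKCS to CKM_RSA_PKCS_PSS. The function names are hypothetical, the constants are the PKCS#11 v2.20 header values, a little-endian host is assumed, and how NCryptoki expects `param` to be typed is not shown on this page.

```python
import hashlib
import struct

# Values from the PKCS#11 v2.20 header files.
CKM_RSA_PKCS_PSS = 0x0000000D
# hash name -> (hashAlg as CKM_*, mgf as CKG_MGF1_*)
PSS_HASHES = {
    "sha1": (0x00000220, 0x00000001),    # CKM_SHA_1,  CKG_MGF1_SHA1
    "sha256": (0x00000250, 0x00000002),  # CKM_SHA256, CKG_MGF1_SHA256
    "sha384": (0x00000260, 0x00000003),  # CKM_SHA384, CKG_MGF1_SHA384
    "sha512": (0x00000270, 0x00000004),  # CKM_SHA512, CKG_MGF1_SHA512
}


def pss_params(hash_name, salt_len, ck_ulong_bytes=4):
    """Serialize CK_RSA_PKCS_PSS_PARAMS {hashAlg, mgf, sLen}.

    Assumes a little-endian host. CK_ULONG is 4 bytes on Windows and
    8 bytes on 64-bit Linux, so the width is a parameter.
    """
    hash_alg, mgf = PSS_HASHES[hash_name]
    fmt = {4: "<3I", 8: "<3Q"}[ck_ulong_bytes]
    return struct.pack(fmt, hash_alg, mgf, salt_len)


def prepare_pss_sign(message, hash_name, modulus_bits, ck_ulong_bytes=4):
    """Return (mechanism type, parameter bytes, data to pass to C_Sign).

    CKM_RSA_PKCS_PSS does not hash its input, unlike CKM_SHA1_RSA_PKCS,
    so the caller hashes the message and signs the digest.
    """
    if hash_name not in PSS_HASHES:
        raise ValueError("unsupported hash: " + hash_name)
    digest = hashlib.new(hash_name, message).digest()
    salt_len = len(digest)  # common choice: salt as long as the digest
    # RSASSA-PSS encoding needs emLen >= hLen + sLen + 2 (RFC 8017, 9.1.1).
    em_len = (modulus_bits - 1 + 7) // 8
    if em_len < len(digest) + salt_len + 2:
        raise ValueError("RSA modulus too small for this hash and salt")
    return CKM_RSA_PKCS_PSS, pss_params(hash_name, salt_len, ck_ulong_bytes), digest


if __name__ == "__main__":
    # Constructed sample input, 2048-bit key assumed.
    mech, params, data = prepare_pss_sign(b"constructed sample", "sha256", 2048)
    print(hex(mech), params.hex(), data.hex())
```

The hash in the parameter block must be the one actually used to produce the digest, and a 1024-bit key cannot carry SHA-512 with a digest-length salt, which is why the second case is rejected before the HSM is called.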