[Softhsm-develop] support for CKM_RSA_PKCS key un/wrapping

Petr Spacek pspacek at redhat.com
Thu Jul 17 17:19:09 UTC 2014


Hello,

I have opened pull request #83 which adds support for CKM_RSA_PKCS key 
un/wrapping.
https://github.com/opendnssec/SoftHSMv2/pull/83

Let's discuss about this code and your requirements :-)

Current code uses AsymmetricAlgorithm->encrypt() and decrypt() directly.

I wonder if it is really necessary to introduce new AsymmetricAlgorithm 
interface for wrap() and unwrap(). To me it seems that calling encrypt() and 
decrypt() with correct AsymMech could be enough...

Other alternative would be to add wrap() and unwrap() interface and simply 
relay calls wrap()->encrypt() etc. It would allow us to filter out some 
inappropriate mechanism from wrap() call but that is all. (E.g. refusing to do 
key wrapping if mechanism is CKM_SHA1_RSA_PKCS or something like that.)

Is it worth doing so? Thank you for your opinions.

I'm looking forward to hear results of code review. Have a nice day!

-- 
Petr Spacek  @  Red Hat



More information about the Softhsm-develop mailing list