[Softhsm-develop] support for CKM_RSA_PKCS key un/wrapping
Petr Spacek
pspacek at redhat.com
Thu Jul 17 17:19:09 UTC 2014
Hello,
I have opened pull request #83 which adds support for CKM_RSA_PKCS key
un/wrapping.
https://github.com/opendnssec/SoftHSMv2/pull/83
Let's discuss about this code and your requirements :-)
Current code uses AsymmetricAlgorithm->encrypt() and decrypt() directly.
I wonder if it is really necessary to introduce new AsymmetricAlgorithm
interface for wrap() and unwrap(). To me it seems that calling encrypt() and
decrypt() with correct AsymMech could be enough...
Other alternative would be to add wrap() and unwrap() interface and simply
relay calls wrap()->encrypt() etc. It would allow us to filter out some
inappropriate mechanism from wrap() call but that is all. (E.g. refusing to do
key wrapping if mechanism is CKM_SHA1_RSA_PKCS or something like that.)
Is it worth doing so? Thank you for your opinions.
I'm looking forward to hear results of code review. Have a nice day!
--
Petr Spacek @ Red Hat
More information about the Softhsm-develop
mailing list