-
Notifications
You must be signed in to change notification settings - Fork 711
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RFE: make EC_POINT_NO_ASN1_OCTET_STRING a runtime option in pkcs11-tool #1286
Comments
Does it even make sense to write EC keys not in DER? |
Agreed - strange that RHEL made the decision to send content bytes instead of DER. Can I propose that the workaround be removed altogether? Maybe the naming of the define is confusing: it sounds like if you define it you will send "NO_ASN1" (which means content bytes?), therefore the packager chose not to define it. Just speculating here. I'll PR it... |
- Fixes OpenSC#1286: "Does it even make sense to write EC keys not in DER?" - the naming of the define was confusing, anyway
Fixes OpenSC#1286. The behaviour of pkcs11-tool will follow the standard - send DER. If EC_POINT_NO_ASN1_OCTET_STRING is defined then it will write plain bytes.
Fixes OpenSC#1286. The behaviour of pkcs11-tool will follow the standard - send DER. If EC_POINT_NO_ASN1_OCTET_STRING is defined then it will write plain bytes.
With accepting #1287, I think we can close this issue, right? |
@frankmorgner Yes, thank you. |
Fixes #1286. The behaviour of pkcs11-tool will follow the standard - send DER. If EC_POINT_NO_ASN1_OCTET_STRING is defined then it will write plain bytes.
Problem Description
Version: RHEL packaging opensc-0.16.0-5.20170227git777e2a3.el7.x86_64
For pkcs11-tool --write of EC public keys SafeNet HSM requires the full DER (including TAG, LENGTH). Depending on packagers option we send full DER or just content bytes.
Proposed Resolution
Command line option for pkcs11-tool to enable or disable DER TAG/LENGTH on writing EC public keys
Steps to reproduce
See also
#1285
The text was updated successfully, but these errors were encountered: