Menu
▾
▴
Re: [Ejbca-develop] Ejbca-develop Digest, Vol 129, Issue 5
|
From: Bruce B. <br...@id...> - 2017-02-09 16:46:38
|
SHA384-PSS is our current use case. We have been able to do this with openSSL, but want a more robust solution. We have SHA384 working in ejbca. Now we just need to get PSS working. We are OK with a software solution for a while, although we will need to move to HSM in a few months. For now, a solution which enables PSS in software is fine. Best, Bruce > Message: 2 > Date: Thu, 9 Feb 2017 09:33:36 +0100 > From: Tomas Gustavsson <to...@pr...> > Subject: Re: [Ejbca-develop] Issue certificates with SHA-384/PSS > To: ejb...@li... > Message-ID: <2ab...@pr...> > Content-Type: text/plain; charset=windows-1252 > > > Right, currently only SHA256 is available. Do you have a standard use > case where SHA-384 is needed? To motivate adding the feature. Adding > algorithms for "soft" keystores are actually quite simple, only with > HSMs is it more tricky since currently PSS requires java patches to work > with HSMs for that algorithm. > > Regards, > Tomas > --- > Save time and money with an Enterprise support subscription. Please see > www.primekey.se for more information. > https://www.primekey.se/technologies/products-overview/ > https://www.primekey.se/service-support/support/ > > On 2017-02-08 18:07, Bruce Bernstein wrote: >> Has anyone been able to coerce ejbca community edition to issue >> certificates signed with RSASSA-PSS format SHA-384? It seems from the >> docs that this is only available with the enterprise edition using HSM. >> We need a software solution, preferably with software encoding. Any >> pointers would be appreciated. >> >> Thanks, >> Bruce >> >> >> ------------------------------------------------------------------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, SlashDot.org! http://sdm.link/slashdot >> >> >> >> _______________________________________________ >> Ejbca-develop mailing list >> Ejb...@li... >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> |
