Menu
▾
▴
Re: [Ejbca-develop] Ejbca-develop Digest, Vol 129, Issue 5
|
From: Tomas G. <to...@pr...> - 2017-02-10 08:13:40
|
If you're able to dig into the code a patch would be appreciated. Adding a "soft" algorithm doesn't require many changes. Regards, Tomas --- RSA Conference 2017 ------------------------------------------------------------------ San Francisco | February 13-17 | Moscone Center Come visit us in booth #627 at RSA Conference 2017! Want a free expo pass? Go to https://www.rsaconference.com/events/us17/register and use the code: XE7PRMKEY On 2017-02-09 17:46, Bruce Bernstein wrote: > SHA384-PSS is our current use case. We have been able to do this with > openSSL, but want a more robust solution. We have SHA384 working in > ejbca. Now we just need to get PSS working. > We are OK with a software solution for a while, although we will need to > move to HSM in a few months. For now, a solution which enables PSS in > software is fine. > Best, > Bruce > > >> Message: 2 >> Date: Thu, 9 Feb 2017 09:33:36 +0100 >> From: Tomas Gustavsson <to...@pr...> >> Subject: Re: [Ejbca-develop] Issue certificates with SHA-384/PSS >> To: ejb...@li... >> Message-ID: <2ab...@pr...> >> Content-Type: text/plain; charset=windows-1252 >> >> >> Right, currently only SHA256 is available. Do you have a standard use >> case where SHA-384 is needed? To motivate adding the feature. Adding >> algorithms for "soft" keystores are actually quite simple, only with >> HSMs is it more tricky since currently PSS requires java patches to work >> with HSMs for that algorithm. >> >> Regards, >> Tomas >> --- >> Save time and money with an Enterprise support subscription. Please see >> www.primekey.se for more information. >> https://www.primekey.se/technologies/products-overview/ >> https://www.primekey.se/service-support/support/ >> >> On 2017-02-08 18:07, Bruce Bernstein wrote: >>> Has anyone been able to coerce ejbca community edition to issue >>> certificates signed with RSASSA-PSS format SHA-384? It seems from the >>> docs that this is only available with the enterprise edition using HSM. >>> We need a software solution, preferably with software encoding. Any >>> pointers would be appreciated. >>> >>> Thanks, >>> Bruce >>> >>> >>> ------------------------------------------------------------------------------ >>> Check out the vibrant tech community on one of the world's most >>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot >>> >>> >>> >>> _______________________________________________ >>> Ejbca-develop mailing list >>> Ejb...@li... >>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >>> > > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
