[SignServer-develop] Is it possible to generate only a cryptographic signature using SignServer 3.7

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hello all,

I'm using SignServer 3.7.0 to sign documents.
The client can only send the digest of the documents to be signed 
(CAdES, XAdES and PAdES signatures)
I have to generate the cryptographic signature with the client private 
key stored in an HSM and the client will then create the final signature 
envelope.

I would like to know if the MRTDSigner allows to perform this operation 
(I need to use RSA and ECDSA algorithms)

Note : I found the following lines in the source code (MRTDSigner.java),

             // Using a PKCS#11 HSM plain RSA Cipher does not work, but 
we have to use RSA/ECB/PKCS1Padding
             // It may be possible to use that, if the data is already 
padded correctly when it is sent as input, but only for
             // PKCS#1, not PSS. Sun's PKCS#11 provider does not supoprt 
PSS (OAEP) padding yet as of 2009-08-14.
             // The below (plain RSA) works for soft keystores and 
PrimeCardHSM
             c = Cipher.getInstance("RSA", 
getCryptoToken().getProvider(ICryptoToken.PROVIDERUSAGE_SIGN));

Best regards,

Khadija FERJANI

[SignServer-develop] Is it possible to generate only a cryptographic signature using SignServer 3.7

[SignServer-develop] Is it possible to generate only a cryptographic signature using SignServer 3.7.0