RE: Signature format and smart cards
Hi Brian,
I have successfully tested with two smart cards and have had no problems: a
DataKey SignatureSure and a Chrysalis-ITS Luna Token; both use a PKCS-11
type interface. As well, Tero mentioned others.
I remember discussing this a while ago, but can't remember whether it was on
the list or in person. Either way, since there were enough smart cards that
did support OIDless encryption, it wasn't a problem.
Personally I would rather see a smart card vendor do a driver update than
change the spec at this point.
Bye.
----
Greg Carter, Entrust Technologies
greg.carter@entrust.com
> ----------
> From: Brian Swander[SMTP:briansw@microsoft.com]
> Sent: Tuesday, July 07, 1998 6:28 PM
> To: 'ipsec@tis.com'
> Subject: Signature format and smart cards
>
> The IKE signature format demands that the algo OID not be present in the
> signature. Smart card vendors are not supporting this format, but instead
> doing the standard pkcs1 with the OID.
>
> It is unlikely that all the vendors will ship using our format, and at the
> same time, IKE needs to be able to use certs from smart cards.
>
> I propose:
>
> Set the reserved field of the sig_payload header to 1 to signal standard
> pkcs1 with the OID, 0 otherwise.
>
> bs
>
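
The two signature encodings discussed in this thread, shown side by side as an added example that is not part of the original messages. It assumes a SHA-1 hash and a 128-byte RSA modulus, omits the RSA operation itself, and uses hypothetical function names; the sample hash is constructed.

```python
import hashlib
import hmac

# DER prefix of the PKCS #1 DigestInfo for SHA-1; the 20-byte hash follows it.
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def encode_block(digest: bytes, k: int, with_oid: bool) -> bytes:
    """Build the PKCS #1 v1.5 type-1 block the RSA private-key operation is applied to."""
    t = (SHA1_DIGESTINFO_PREFIX if with_oid else b"") + digest
    if k < len(t) + 11:
        raise ValueError("modulus too short for this payload")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def classify_block(em: bytes, k: int):
    """Strictly parse a block recovered with the public key; return (format, hash)."""
    if len(em) != k or em[:2] != b"\x00\x01":
        raise ValueError("bad block header")
    sep = em.find(b"\x00", 2)
    # At least 8 bytes of 0xff padding, and nothing but 0xff before the separator.
    if sep < 10 or em[2:sep] != b"\xff" * (sep - 2):
        raise ValueError("bad padding")
    t = em[sep + 1:]
    if len(t) == 20:
        return "no-oid", t
    if len(t) == 35 and t.startswith(SHA1_DIGESTINFO_PREFIX):
        return "pkcs1-with-oid", t[15:]
    raise ValueError("unrecognised payload")

def accept(em: bytes, k: int, expected: bytes, allow_oid: bool) -> bool:
    """Verifier policy: a peer that only knows the OID-less format sets allow_oid=False."""
    try:
        fmt, digest = classify_block(em, k)
    except ValueError:
        return False
    if fmt == "pkcs1-with-oid" and not allow_oid:
        return False
    return hmac.compare_digest(digest, expected)

if __name__ == "__main__":
    K = 128                                                    # assumed 1024-bit modulus
    sample = hashlib.sha1(b"constructed sample").digest()      # constructed input
    for with_oid in (False, True):
        em = encode_block(sample, K, with_oid)
        print(classify_block(em, K)[0], em[-36:].hex())
        print("  OID-less-only verifier accepts:", accept(em, K, sample, allow_oid=False))
```
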