Open kushaldas opened 1 month ago
@mathiasertl what do you think?
Not really sure what the question is?
Not really sure what the question is?
In django-ca we can sign using RSA keys and any of the given algorithms, but right now we have only SHA256
for RSA2048 and SHA512
for RSA4096 keys on HSM. I am talking about adding support for SHA224, SHA256, SHA384, SHA512
for any given RSA key.
Yes we should absolutely support that!
In https://github.com/mathiasertl/django-ca/blob/1850a72ee3e470318ba726a05b0cb87dc23c3253/ca/django_ca/typehints.py#L42 we have the following allowed algorithms:
But, the
pkcs11
library provides options for https://python-pkcs11.readthedocs.io/en/latest/api.html#pkcs11.mechanisms.MechanismOnly
SHA224, SHA256, SHA384, SHA512
are the common between these two lists.Maybe we can enable any of these options available for the RSA private keys.