opendnssec / SoftHSMv2

SoftHSM version 2
http://www.softhsm.org/

ECDSA P-521 support in SoftHSMv2 #205

Closed qbert2k closed 8 years ago

qbert2k commented 8 years ago

I was testing SoftHSMv2 through PKCS#11 and I found it is working fine for ECDSA algorithms ES256 and ES384, but it is not working for the algorithm ES512 (curve P-521).

| Curve | Curve Alias | Curve OID | Succeed |
|-------|-------------|-----------|---------|
| P-256 | secp256r1 | 1.2.840.10045.3.1.7 | Yes |
| P-384 | secp384r1 | 1.3.132.0.34 | Yes |
| P-521 | secp521r1 | 1.3.132.0.35 | No |

Are there any plans for ECDSA with EC P-521 support?

bellgrim commented 8 years ago

I have not tested with P-521, but both Botan and OpenSSL should support it and thus also SoftHSM. Do you have more details from your tests? E.g. error logs and library versions.

justinburke commented 8 years ago

I've run into this issue as well. The following diff adds a failing test for secp521r1: https://github.com/justinburke/SoftHSMv2/commit/48fd6345b3d423f09dfbf95fcfc12c396a576b39

matthauck commented 8 years ago

Running into this as well. Would be great to add support for secp521r1.

bellgrim commented 8 years ago

The problem was in the OpenSSL crypto backend for SoftHSM. It could not handle EC points larger than 127 bytes when converting to ASN1 format. Fixed in #231
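The 127-byte boundary mentioned above is the DER short-form length limit from X.690: a single length octet can only express 0 to 127, and anything longer needs the long form (a leading octet 0x80 | n followed by n big-endian length octets). An uncompressed P-256 point is 65 bytes and P-384 is 97 bytes, both of which fit in short form, but a P-521 point is 1 + 2 * 66 = 133 bytes and does not. The following is an added illustration, not SoftHSMv2's own code and not the fix from #231: a short-form-only OCTET STRING encoder that fails on P-521 beside a correct encoder and a strict decoder, so the size arithmetic and the encoding difference can be checked directly. The function and variable names are assumptions chosen for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <stdexcept>
#include <vector>

// Size of an uncompressed EC point (0x04 || X || Y) for a curve of the given bit length.
// Each coordinate is ceil(bits / 8) bytes, so P-521 coordinates are 66 bytes each.
size_t uncompressedPointSize(unsigned curveBits) {
    size_t coord = (curveBits + 7) / 8;
    return 1 + 2 * coord;
}

// Illustration of the failure mode: an encoder that only knows the DER short-form length.
// It cannot represent any contents longer than 127 bytes, which is exactly the P-521 case.
std::vector<uint8_t> encodeOctetStringShortOnly(const std::vector<uint8_t>& data) {
    if (data.size() > 127) {
        throw std::length_error("short-form DER length cannot exceed 127 bytes");
    }
    std::vector<uint8_t> out;
    out.push_back(0x04);                               // OCTET STRING tag
    out.push_back(static_cast<uint8_t>(data.size()));  // single length octet
    out.insert(out.end(), data.begin(), data.end());
    return out;
}

// Correct encoder: short form for lengths up to 127, long form (X.690 8.1.3.5) above that.
std::vector<uint8_t> encodeOctetString(const std::vector<uint8_t>& data) {
    std::vector<uint8_t> out;
    out.push_back(0x04);  // OCTET STRING tag
    size_t len = data.size();
    if (len <= 127) {
        out.push_back(static_cast<uint8_t>(len));
    } else {
        // Minimal big-endian representation of the length, then 0x80 | byte count.
        std::vector<uint8_t> lenBytes;
        for (size_t v = len; v > 0; v >>= 8) {
            lenBytes.insert(lenBytes.begin(), static_cast<uint8_t>(v & 0xFF));
        }
        out.push_back(static_cast<uint8_t>(0x80 | lenBytes.size()));
        out.insert(out.end(), lenBytes.begin(), lenBytes.end());
    }
    out.insert(out.end(), data.begin(), data.end());
    return out;
}

// Strict DER decoder for a single OCTET STRING. Accepts both length forms but rejects
// truncated input and non-minimal encodings (long form for <= 127, leading zero length octet).
bool decodeOctetString(const std::vector<uint8_t>& der, std::vector<uint8_t>& contents) {
    if (der.size() < 2 || der[0] != 0x04) return false;
    size_t pos = 1;
    size_t len = 0;
    uint8_t first = der[pos++];
    if (first < 0x80) {
        len = first;
    } else {
        size_t numBytes = first & 0x7F;
        if (numBytes == 0 || numBytes > sizeof(size_t) || pos + numBytes > der.size()) return false;
        if (der[pos] == 0x00) return false;  // non-minimal length encoding
        for (size_t i = 0; i < numBytes; ++i) len = (len << 8) | der[pos++];
        if (len <= 127) return false;        // DER requires short form here
    }
    if (len != der.size() - pos) return false;
    contents.assign(der.begin() + pos, der.end());
    return true;
}

int main() {
    const unsigned curves[] = {256, 384, 521};
    for (unsigned bits : curves) {
        std::vector<uint8_t> point(uncompressedPointSize(bits), 0xAB);  // constructed dummy point
        std::vector<uint8_t> der = encodeOctetString(point);
        std::printf("P-%u: point %zu bytes, DER %zu bytes, length form: %s\n", bits, point.size(),
                    der.size(), point.size() <= 127 ? "short" : "long");
    }
    return 0;
}
```

Running it shows the P-521 point needing a three-byte header (0x04 0x81 0x85) where P-256 and P-384 need two, which is the same boundary the backend was tripping over.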

matthauck commented 8 years ago

I think this is still an issue in the import key logic in softhsm-util. Agreed that this is not the best practice workflow, but the code is there and should probably either be removed or fixed. Reopen this issue or open another one?

bellgrim commented 8 years ago

The issue about ECDSA P-521 via PKCS#11 has been resolved.

Fixing ECDSA P-521 in softhsm2-util would be a new, but similar, issue. Could you create one?

My guess is that we have to fix this: https://github.com/opendnssec/SoftHSMv2/blob/develop/src/bin/util/softhsm2-util-ossl.cpp#L657

matthauck commented 8 years ago

Filed #262!

bellgrim commented 8 years ago

Thanks!