RSASSA-PSS with SHA256 return CKR_MECHANISM_INVALID

xipki / pkcs11wrapper

PKCS#11 Wrapper for Java. Deprecated. Please use xipki/ipkcs11wrapper (preferred) or xipki/jpkcs11wrapper instead.

Other

34 stars 13 forks source link

RSASSA-PSS with SHA256 return CKR_MECHANISM_INVALID #4

Closed armando-basile closed 4 years ago

armando-basile commented 4 years ago

Hi Xipki, i trying to generate signature using mechanism PKCS11Constants.CKM_SHA256_RSA_PKCS_PSS and params:

iaik.pkcs.pkcs11.parameters.Parameters mechParams = new RSAPkcsPssParameters(Mechanism.get(PKCS11Constants.CKM_SHA256),
        PKCS11Constants.CKG_MGF1_SHA256, new SHA256Digest().getDigestSize());

but i receive always CKR_MECHANISM_INVALID

i saw also that RSAPkcsPssParameters was deprecated but i doesn't found any new pattern.

Could you help me ?

xipki commented 4 years ago

Could you please post here your code to generate the signature? Additionally, please post also the mechanisms supported by the device. You get them via the following code:

Mechanism[] mechanisms = slot.getToken().getMechanismList();

armando-basile commented 4 years ago

Hi xipki, thanks for your response.

this is machanism list https://justpaste.it/3behc and seems that is not present CKM_SHA256_RSA_PKCS_PSS

xipki commented 4 years ago

Since the mechanism CKM_RSA_X_509 is supported, you can use it to generate PSS signature. However, you need to prepare all except the RSA sign by yourself.