Warn in the documentation against the use of CKM_RSA_PKCS. (#8982)

* Warn in the documentation against the use of CKM_RSA_PKCS

* tweak

* Roger roger.
Scott Miller 2020-05-12 10:56:41 -05:00 committed by GitHub
parent 1fc9b0799a
commit 8805a7b45c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 0 deletions

@ -112,6 +112,11 @@ These parameters apply to the `seal` stanza in the Vault configuration file:
- `0x0009` `CKM_RSA_PKCS_OAEP`
- `0x0001` `CKM_RSA_PKCS`
~> **Warning**: CKM_RSA_PKCS specifies the PKCS #1 v1.5 padding scheme, which is
subject to several padding oracle attacks. Use of CKM_RSA_PKCS_OAEP is
recommended over CKM_RSA_PKCS.
- `hmac_mechanism` `(string: "0x0251")`: The encryption/decryption mechanism to
use, specified as a decimal or hexadecimal (prefixed by `0x`) string.
Currently only `0x0251` (corresponding to `CKM_SHA256_HMAC` from the
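Review bot: The warning added after the `0x0001` `CKM_RSA_PKCS` list entry refers to both mechanisms only by constant name, while the parameter is set by numeric value, so a reader has to map the names back to the list above to know which value to configure. Suggest writing them as `0x0001` (`CKM_RSA_PKCS`) and `0x0009` (`CKM_RSA_PKCS_OAEP`), in backticks to match the list entries. "Several padding oracle attacks" is also vague: a link or named reference would let operators judge the risk, and the warning should say whether a seal already configured with CKM_RSA_PKCS can simply be switched to OAEP or needs a migration step.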