Warn in the documentation against the use of CKM_RSA_PKCS. (#8982)

* Warn in the documentation against the use of CKM_RSA_PKCS

* tweak

* Roger roger.
This commit is contained in:
Scott Miller 2020-05-12 10:56:41 -05:00 committed by GitHub
parent 1fc9b0799a
commit 8805a7b45c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -112,6 +112,11 @@ These parameters apply to the `seal` stanza in the Vault configuration file:
- `0x0009` `CKM_RSA_PKCS_OAEP`
- `0x0001` `CKM_RSA_PKCS`
~> **Warning**: CKM_RSA_PKCS specifies the PKCS #1 v1.5 padding scheme, which is
subject to several padding oracle attacks. Use of CKM_RSA_PKCS_OAEP is
recommended over CKM_RSA_PKCS.
- `hmac_mechanism` `(string: "0x0251")`: The encryption/decryption mechanism to
use, specified as a decimal or hexadecimal (prefixed by `0x`) string.
Currently only `0x0251` (corresponding to `CKM_SHA256_HMAC` from the