000011948 - Is SHA-256 supported on RSA_CM with a HSM via P11?

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000011948
Applies ToRSA Certificate Manager 6.8
RSA Certificate Manager (RCM)
Sun Solaris 2.8
SafeNet  Luna SA 4.3.2
SafeNet Luna SA
Hardware Security Module (HSM)
IssueIs SHA-256 supported on RSA_CM with a HSM via P11?
RCM will not allow me to create a CA with SHA-256 in RSA for the SafeNet device.
Cause

With RSA Certificate Manager 6.8 build 514 and RSA Certificate Manager API can create keys on tokens. Luna CA3 supports key generation for varying key lengths in RSA and DSA key pairs.

RSA: 1024 bits, 2048 bits, 4096 bits

DSA: 512 bits, 1024 bits, 2048 bits

Resolution

This is been added with with latest RCM Hot Fix, and it shows this in README:

****
Ability to support the SHA-2 algorithms using a PKCS #11 device

Prior to build 517, the SHA-2 algorithms using PKCS #11 device was not supported. Even if the PKCS #11 device supported the SHA-2 algorithms, these algorithms were not listed while creating the CA using Certificate Manager. As a result, Certificate Manager was unable to use the SHA-2 algorithms while creating the CA keys using PKCS #11 devices.

In RSA Certificate Manager 6.8 build517, this issue is fixed. Certificate Manager can now create the CA with SHA-256, SHA-384, or SHA-512 hash algorithms while using PKCS #11 devices.
****

Contact RSA Support and request RCM 6.8 build 517 hot fix.

Legacy Article IDa50298

Attachments

    Outcomes