Warn in the documentation against the use of CKM_RSA_PKCS. (#8982)
* Warn in the documentation against the use of CKM_RSA_PKCS

* tweak

* Roger roger.
sgmiller authored and actions-user committed May 12, 2020
1 parent 29c3c88 commit 7715c23
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions website/pages/docs/configuration/seal/pkcs11.mdx
Expand Up @@ -112,6 +112,11 @@ These parameters apply to the `seal` stanza in the Vault configuration file:
- `0x0009` `CKM_RSA_PKCS_OAEP`
- `0x0001` `CKM_RSA_PKCS`

~> **Warning**: CKM_RSA_PKCS specifies the PKCS #1 v1.5 padding scheme, which is
subject to several padding oracle attacks. Use of CKM_RSA_PKCS_OAEP is
recommended over CKM_RSA_PKCS.


- `hmac_mechanism` `(string: "0x0251")`: The encryption/decryption mechanism to
use, specified as a decimal or hexadecimal (prefixed by `0x`) string.
Currently only `0x0251` (corresponding to `CKM_SHA256_HMAC` from the
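
Review bot: The added warning names the mechanisms bare, while the list directly above it gives each one as a backticked name paired with the value a user actually puts in the `seal` stanza (`0x0009`, `0x0001`). Suggest wording it as "Use of `0x0009` (`CKM_RSA_PKCS_OAEP`) is recommended over `0x0001` (`CKM_RSA_PKCS`)" so the reader can act on the recommendation without mapping names back to values. The warning is also followed by two blank lines before the `hmac_mechanism` item where one is enough, and it does not say what an operator whose seal is already configured with `0x0001` should do; a sentence or a link covering that case would make the warning actionable for existing deployments.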