6d644880bd
CloudKMS keys signs data using an specific signature algorithm, in RSA keys, this can be PKCS#1 RSA or RSA-PSS, if the later is used, x509.CreateCertificate will fail unless the template SignatureCertificate is properly set. On contrast, AWSKMS RSA keys, are just RSA keys, and can sign with PKCS#1 or RSA-PSS schemes, so right now the way to enforce one or the other is to used templates. |
||
---|---|---|
.. | ||
apiv1 | ||
awskms | ||
cloudkms | ||
pkcs11 | ||
softkms | ||
sshagentkms | ||
uri | ||
yubikey | ||
kms.go | ||
kms_test.go |