README revision c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5
6be66de4257f4f564e35f7b8ee57a282e3cf3e96vboxsync"pkcs11-hmacmd5" is here to check for the presence of a known bug in
9eb499828dd875d229531b50d05f016b8a1f1dd9vboxsyncthe Thales nCipher PKCS#11 provider library. To test for the bug, use
365b40dec2ed01d9983d29e276e7431c5a4a9c18vboxsyncpkcs11-hmacmd5 to hash a test vector from RFC 2104, and determine
9eb499828dd875d229531b50d05f016b8a1f1dd9vboxsyncwhether the resulting digest is is correct. For instance:
9eb499828dd875d229531b50d05f016b8a1f1dd9vboxsync echo -n "Hi There" | \
9eb499828dd875d229531b50d05f016b8a1f1dd9vboxsync ./pkcs11-hmacmd5 -p <PIN> -k '0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b'
9eb499828dd875d229531b50d05f016b8a1f1dd9vboxsync...must return "9294727a3638bb1c13f48ef8158bfc9d".
9eb499828dd875d229531b50d05f016b8a1f1dd9vboxsyncIf any other value is returned, then the provider library is buggy,
9eb499828dd875d229531b50d05f016b8a1f1dd9vboxsyncand theflag PK11_MD5_HMAC_REPLACE must be defined in
6be66de4257f4f564e35f7b8ee57a282e3cf3e96vboxsyncHowever, if the correct value is returned, then it is safe to turn
6be66de4257f4f564e35f7b8ee57a282e3cf3e96vboxsyncoff PK11_MD5_HMAC_REPLACE. (It is on by default.)