Simo Sorce

Do you want me to raise the minimum with an additional patch to this PR ?

I think we can just require a newer version in general, no need to strictly require = 1.4.2

@mikewiacek eventually it does not matter if the file you are testing *now* "pretends" to have been signed in the past, once you distrust SHA1 signatures, you just do not...

@mikewiacek you *may* have a legitimate niche use case, that in no way implies what I said about trust and general usefulness is not true.

> > 2. instead of comparing keys, try a public key vs private key operation, like signing a known string with the provided private key, and verifying it with the...

> > I still think that properly fixing EVP_PKEY_eq() is a good idea, as this problem may happen elsewhere as well. > > IMO doing keypair operation as part of...

@t8m here https://github.com/latchset/pkcs11-provider/issues/94#issuecomment-1308311754 you mention the issue of caching in evp_keymgmt_util_export_to_provider(), the questions is ... do we actually need to cache? If we skip caching this becomes easier

The other option is to add a selection argument to OP_CACHE_ELEM ... is this acceptable ?

I am working on a patch, I think discussion will be easier once I post a PR at this point.

One comment is that you can avoid performance penalties by keeping around the JWK object as it has a cache to hold onto a pyca key exactly to avoid costly...