[openssl-dev] openssl pkeyutl unable to use keys on a PKCS11 token?

Nikos Mavrogiannopoulos nmav at redhat.com
Fri Dec 18 15:46:48 UTC 2015


On Thu, 2015-12-17 at 22:06 +0000, Blumenthal, Uri - 0553 - MITLL
wrote:
> I’m playing with RSA-PSS and PKCS11 engine (in OpenSSL, of course :).
[...]
> But this doesn’t:
> 
> $ openssl dgst -engine pkcs11 -keyform engine -verify
> "pkcs11:object=SIGN%20pubkey;object-type=public" -sha256 -sigopt

The current implementation of engine_pkcs11 seems to work with private
keys and certificates only. I've added a fix in engine_pkcs11, but it
seems that public key types were never tested for PKCS#11 URLs.

regards,
Nikos


