[openssl-dev] openssl pkeyutl unable to use keys on a PKCS11 token?

Blumenthal, Uri - 0553 - MITLL uri at ll.mit.edu
Fri Dec 18 16:34:57 UTC 2015


On 12/18/15, 10:46 , "openssl-dev on behalf of Nikos Mavrogiannopoulos"
<openssl-dev-bounces at openssl.org on behalf of nmav at redhat.com> wrote:

>On Thu, 2015-12-17 at 22:06 +0000, Blumenthal, Uri - 0553 - MITLL
>wrote:
>> I’m playing with RSA-PSS and PKCS11 engine (in OpenSSL, of course :).
>[...]
>> But this doesn’t:
>> 
>> $ openssl dgst -engine pkcs11 -keyform engine -verify
>> "pkcs11:object=SIGN%20pubkey;object-type=public" -sha256 -sigopt
>
>The current implementation of engine_pkcs11 seems to work with private
>keys and certificates only. I've added a fix in engine_pkcs11, but it
>seems that public key types were never tested for PKCS#11 URLs.

I’ll be happy to help test your fix(es).

Am I correct in assuming that the correct behavior would be to retrieve the
public key (or certificate) from the token? I could not find the code for
that; perhaps it needs to be added?

Thanks!