CSR creation using pkcs11 dynamic engine

Selva Nair selva.nair at gmail.com
Tue Jun 1 15:15:13 UTC 2021


Hi Piotr,

On Tue, Jun 1, 2021 at 10:57 AM Piotr Lobacz <piotr.lobacz at softgent.com>
wrote:

> Hi,
> i have managed to find the engine method static EVP_PKEY
> *load_privkey(ENGINE *engine, const char *s_key_id, UI_METHOD *ui_method,
> void *callback_data) in libp11 package. I have also made a printf callback
> and i see the output that method is being called, but the problem is that i
> think i need to set this flag RSA_FLAG_EXT_PKEY in EVP_PKEY object which
> i don't know how to do is it even possible?
>

The flag on the key is always set by libp11 (look for RSA_set_key in
p11_rsa.c). What it doesn't set is any flags on the method -- which you
wanted to satisfy dotnet. For testing you could add it -- look for
PKCS11_get_rsa_method in the same file.

Selva
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210601/0cf76a47/attachment.html>


More information about the openssl-users mailing list