> The usual way to do this kind of thing is to write your own RSA_METHOD
> to hand over the signing operation (which will probably be
> RSA_private_encrypt() ) to the smart card, then place the result in an
> EVP_PKEY structure.
> What this ultimately does it calls application supplied functions when
> the particular key is used. Then you just sign as normal but pass it
> your smart card EVP_PKEY structure for the private key.
Excuse me, probably I didn't understand well what you said.
I have a similar problem.
Some smartcards receive the data and put them in a PKCS#1 structure before
signing them (but they put the Sha1 Identifier in the
DigestAlgorithmIdentifier field)
This signatures are well verified by Open SSL if I put them into a signed
PKCS#7 and push a Sha1 algorithm identifier into the algorithms stack.
Some others smartcards simply encrypt with the private key what you thell
them to sign.
I can't verify these signatures with Open-SSL.
I can't fetch from smartcard the whole private key because the key are
onboard generated and only the modulus and public exponent (that is, the
public key) are extractable (so how can i put my smartcard private key into
an EVP_PKEY?)
How can put these raw raw signatures in a PKCS#7?
How can i verify smartcard signatures with algorithms other than Sha1?
Thanks in advance
--------------------------------------------------------------------------
Marco Donati
Context Security - Software
P.zza Liberazione, 25 - 20013 Magenta (MI)
Phone: ++39-02-97291291, Fax: ++39-02-97298225
E-Mail: [EMAIL PROTECTED], Web site:http://www.csg.it
--------------------------------------------------------------------------
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
