"Hul van den, G (Gerrit)" wrote: > > Hi all, > > I want to build a pkcs10 request using the openssl software, but with the > private/public key on a smartcard. I have a pcks11 library to access the > smartcard. > > If have stripped the req.c source, and now I have to do two things: > - Push the public key into the pkcs10 request structure. > - Sign the request. > > To begin with the sign: This is not to difficult: I'll sign the request with > the pkcs11 library and push the sign into the request structure. I think > this will work. > > Pushing the public key is different. The openssl req command expects a > private key. It extracts the public key from the private key and pushes the > public key into the pkcs10 request. > > I don't have access to the private key: it is on the smartcard, but it is > possible to read the public key components: the modulus and exponent. > > I have tried to analyse how the public key is retrieved from the private key > in the req command and how it is pushed into the request, but I can't find > the solution for my problem: > > howto push the public key (modulus and exponent) directly into the > pkcs10 request structure -> the X509_REQ structure in req.c; defined in > x509.h. > > Does someone have any idea? > > Greetings, > Inside the array PublicKeys[] i've the public keys parameters stored in the token....

    /* Headers this fragment needs (at file scope). */
    #include <stdio.h>
    #include <string.h>
    #include <openssl/bn.h>
    #include <openssl/evp.h>
    #include <openssl/rsa.h>

    /* The declarations were not part of the original post; the types and
       buffer sizes are assumed (two hex digits per byte plus a NUL). */
    EVP_PKEY *pkey;
    RSA *rsapubkey;
    char modstring[2 * MODULUS_SIZE + 1];
    char expstring[2 * EXPONENT_SIZE + 1];
    char hexchar[3];
    int k;

    pkey=EVP_PKEY_new();

    rsapubkey=RSA_new();

    // We must get the hex version of the modulus and the exponent...
    strcpy(modstring,"");
    for(k=0;k<MODULUS_SIZE;k++)
    {
        // The cast keeps a signed byte from printing as more than two digits.
        sprintf(hexchar,"%02.2x",(unsigned char)PublicKeys[SelectedKeyPair].Modulus[k]);
        strcat(modstring,hexchar);
    }

    strcpy(expstring,"");
    for(k=0;k<EXPONENT_SIZE;k++)
    {
        sprintf(hexchar,"%02.2x",(unsigned char)PublicKeys[SelectedKeyPair].Exponent[k]);
        strcat(expstring,hexchar);
    }

    // Direct member access compiles only against OpenSSL older than 1.1.0;
    // later versions make RSA opaque and set these fields with RSA_set0_key().
    BN_hex2bn(&(rsapubkey->n),modstring);
    BN_hex2bn(&(rsapubkey->e),expstring);
    rsapubkey->d=NULL;
    rsapubkey->p=NULL;
    rsapubkey->q=NULL;

    #ifdef RABSER_DEBUG
    printf("Request ModString is %s\n",modstring);
    printf("Request ExpString is %s\n",expstring);
    #endif

    // pkey takes ownership of rsapubkey here.
    EVP_PKEY_assign_RSA(pkey,rsapubkey);

So you have a pkey to pass to the request creation call....

This works for me .... (Eutron CryptoIdentity USB Token with PKCS#11 Interface)

> Gerrit
>
> **************************************
> Gerrit van den Hul
> Senior Software Designer
> Altium - Think it, Design it, Build it
> Phone Rabobank: +31 30 21 51 390
> Phone Altium: +31 33 455 8584
> Fax Altium: +31 33 455 5503
> mobile: +31 6 1464 9859
> E-Mail Rabobank: [EMAIL PROTECTED]
> E-Mail Altium: [EMAIL PROTECTED]
> Private E-mail: [EMAIL PROTECTED]
> URL: http://www.altium.com
> **************************************
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]

--
Dott. Sergio Rabellino
Technical Staff
Department of Computer Science
University of Torino (Italy)
Member of the Internet Society
http://www.di.unito.it/~rabser
Tel. +39-0116706701
Fax. +39-011751603
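
What the pkey in the reply above contributes to the PKCS#10 request is a DER SubjectPublicKeyInfo built from the token's modulus and exponent. As an added example (not code from either poster or from OpenSSL), the following builds those bytes directly from raw big-endian fields without any library; the function names and the sample values are made up for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Prepend a DER tag and length to the n content bytes at buf, shifting the
 * content right. Returns the new total length (content below 64 KiB). */
static size_t wrap(unsigned char *buf, size_t n, unsigned char tag) {
    size_t h = n < 0x80 ? 2 : n < 0x100 ? 3 : 4;
    memmove(buf + h, buf, n);
    buf[0] = tag;
    if (h > 2) buf[1] = (unsigned char)(0x80 | (h - 2));
    if (h > 3) buf[2] = (unsigned char)(n >> 8);
    buf[h - 1] = (unsigned char)n;
    return n + h;
}

/* DER INTEGER from a big-endian unsigned field: drop leading zero bytes, then
 * put one 0x00 back if the top bit is set so it is not read as negative. */
static size_t put_uint(unsigned char *buf, const unsigned char *v, size_t n) {
    while (n > 1 && *v == 0) { v++; n--; }
    size_t pad = *v >> 7;
    buf[0] = 0x00;
    memcpy(buf + pad, v, n);
    return wrap(buf, n + pad, 0x02);
}

/* DER SubjectPublicKeyInfo for an RSA key, as carried in a PKCS#10 request.
 * out needs ml + el + 40 bytes; returns the length, or 0 on bad input. */
size_t rsa_spki_der(const unsigned char *m, size_t ml, const unsigned char *e,
                    size_t el, unsigned char *out, size_t cap) {
    static const unsigned char alg[] = { /* rsaEncryption OID, NULL params */
        0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00 };
    if (!ml || !el || ml > 8192 || el > 8192 || cap < ml + el + 40) return 0;
    size_t n = put_uint(out, m, ml);
    n += put_uint(out + n, e, el);
    n = wrap(out, n, 0x30);          /* RSAPublicKey SEQUENCE */
    memmove(out + 1, out, n);
    out[0] = 0x00;                   /* BIT STRING: zero unused bits */
    n = wrap(out, n + 1, 0x03);
    memmove(out + sizeof alg, out, n);
    memcpy(out, alg, sizeof alg);
    return wrap(out, n + sizeof alg, 0x30);
}

int main(void) {
    /* Constructed sample values (not a real key), zero-padded like token fields. */
    unsigned char m[] = { 0xc1, 0x02, 0x03, 0x04 }, e[] = { 0, 1, 0, 1 }, out[64];
    size_t n = rsa_spki_der(m, sizeof m, e, sizeof e, out, sizeof out);
    for (size_t i = 0; i < n; i++) printf("%02x%s", out[i], i + 1 < n ? "" : "\n");
    return n ? 0 : 1;
}
```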