On Sun, Nov 16, 2003, Слепнев Владимир wrote:

> Thanks for the concise answer, although I had hoped for something more
> reassuring... Unfortunately, implementing a PKCS#11 interface to our
> card/applet, as well as writing an ENGINE or a Windows CSP for it, are
> all tasks a little out of our time frame for the project. And the
> problem seems a typical one, it seems.
>

Well, CSP/PKCS#11 or an ENGINE would be the "proper" solution. Writing an ENGINE is much easier than CSP/PKCS#11.

However, there are other solutions which can be handled more quickly and come under the heading of "quick and dirty" and "I'll deny all knowledge of these" :-)

Some programming is needed to handle this; you can't handle it with the command line utilities.

If you need a valid CSR then you could create one using the normal OpenSSL utilities, then edit it with a short C program to replace the public key and re-sign it with the corrected digest. You'd work out the new digest with ASN1_item_digest(), sign it and place it in the signature field.

A dirtier technique is to not even bother with the signature and hack the OpenSSL utilities so they don't check the signature any more on a CSR. Doing things that way means you don't need any smart card operations and you just set the public key to the correct value.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
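
The re-signing step described in the reply above, shown at the DER byte level as an added example (not part of the original message and not OpenSSL code): it computes what the card has to sign and splices the returned signature into the CSR. It assumes the CertificationRequestInfo already carries the card's public key, that the CSR's signature algorithm is sha256WithRSAEncryption, and that the card signs a PKCS#1 v1.5 DigestInfo; the function names and the sample bytes are constructed for illustration.

```python
import hashlib

# DigestInfo DER prefix for SHA-256 (RFC 8017); assumes RSA PKCS#1 v1.5 on the card.
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
# Constructed stand-in, not a real CSR: info SEQUENCE, sha256WithRSAEncryption, old signature.
SAMPLE_CSR = bytes.fromhex("30193003020100300d06092a864886f70d01010b0500030300aabb")

def read_tlv(buf, off):
    """Return (header_len, value_len) of the DER element starting at off."""
    first = buf[off + 1]
    if first < 0x80:
        return 2, first
    n = first & 0x7F
    if not 1 <= n <= 4:
        raise ValueError("unsupported DER length")
    return 2 + n, int.from_bytes(buf[off + 2:off + 2 + n], "big")

def der_len(n):
    """Encode a DER definite length."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def split_csr(csr):
    """Split a CertificationRequest into its three TLVs: info, algorithm, signature."""
    hl, vl = read_tlv(csr, 0)
    if csr[0] != 0x30 or hl + vl != len(csr):
        raise ValueError("not a single DER SEQUENCE")
    parts, off = [], hl
    while off < len(csr):
        h, v = read_tlv(csr, off)
        parts.append(csr[off:off + h + v])
        off += h + v
    if off != len(csr) or len(parts) != 3 or parts[2][0] != 0x03:
        raise ValueError("unexpected CertificationRequest layout")
    return parts

def digest_info_to_sign(csr):
    """Bytes the card signs: DigestInfo over the DER of CertificationRequestInfo."""
    info = split_csr(csr)[0]
    return SHA256_PREFIX + hashlib.sha256(info).digest()

def splice_signature(csr, signature):
    """Return the CSR with its signature BIT STRING replaced by the card's output."""
    info, alg, _ = split_csr(csr)
    bits = b"\x03" + der_len(len(signature) + 1) + b"\x00" + signature
    body = info + alg + bits
    return b"\x30" + der_len(len(body)) + body
```

A CSR patched this way still verifies only if the signature was produced by the private key matching the public key inside it, which is the proof-of-possession check a CA relies on when it validates the request.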