The rpoblem is, that the handling of the samrt card is a bit complicated in the state it is now, and I'm simply not sure, wether I am able to make the certificate without using the private key at all (that is without signing, too).
cheers Mathias Am 01. Oct 2007, schrieb Mike Nelson: >Yes. First you generate the private-public key pair in the smart >card. Then you get the public key out of the smart card, into your >computer's memory. You put your X.500 information, such as DN, etc., >typically into a small text file on your HDD. Your application reads >the info, and builds a pkcs10 certificate request, using the info and >the public key. Finally you use the private key that lives in the >smart card, to sign your p10 request. The cert request is submitted >to a CA, which will issue a cert if it is happy with your request. >How do you extract the public key from your card, and how do you tell >the card to perform a signing operation on your p10 data? The smart >card will have some sort of API, such as pkcs11, and you use that. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
