Hi Steve
Thanks a lot for your reply.
Just another quick question. Do you know by chance an openssl function
that would convert the raw sha1 into a digestinfo structure?
Kind regards
Tim
On 03/15/2013 02:36 PM, Dr. Stephen Henson wrote:
On Fri, Mar 15, 2013, Tim Tassonis wrote:
Hi
I am trying to generate a csr in a c program by having the signing
part done by pkcs11 calls, and while I get no errors, the resulting
csr fails upon validation:
Analysing that CSR the actual signature isn't in the correct form: it just
contains the raw SHA1 digest instead of the required DigestInfo structure.
You can check that using rsautl in a manner similar to that for certificates
mentioned in the manual page.
However:
sign_mechanism.mechanism = CKM_SHA1_RSA_PKCS;
That mechanism *should* produce a signature in the correct format, so possibly
a problem with the PKCS#11 library?
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
