Hi, I am using OpenSSL 1.0.2 on Windows 7 (Visual Studio) and I am trying to use a third-party pkcs11 library to sign a certificate signing request (csr).
The private and public keys are generated and stored on a usb token, and there is no way of accessing them as files or blobs, but only as attributes. I have created the certificate request using X509_REQ_new() and its related functions, but I am not able to sign the certificate request (using X509_REQ_sign) as I don't have access to the private, or even the public, key. I can only call the pkcs11 functions C_SignInit/C_Sign to perform rsa signing on given data, and I can only extract the public key's public exponent and modulus.

I have read that one way of solving this is by using an engine that performs the signing, but the usb vendor doesn't provide an openssl engine, so I think I have no choice but to somehow inject the modulus and exponent into the public key structure EVP_PKEY and somehow rewrite the signing function X509_REQ_sign so that it internally calls my token's sign function?

Any help is highly appreciated. Thank you!
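As an added illustration (not part of the original post, and not OpenSSL or vendor code) of what the token's C_Sign has to be given so that its output is usable as the CSR signature: with the CKM_RSA_PKCS mechanism the token only pads and applies the private key, so the host must hash the DER-encoded CertificationRequestInfo and wrap the hash in a DigestInfo first. The token is simulated here with a constructed toy key; `token_sign_ckm_rsa_pkcs` and `verify_pkcs1_sha256` are hypothetical names, and SHA-256 with RSA PKCS#1 v1.5 is an assumption.

```python
import hashlib

# DER prefix of DigestInfo for SHA-256 (PKCS#1 v1.5, RFC 8017 section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

# Constructed toy key for the demo only: two Mersenne primes, NOT secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # in reality this never leaves the token
K = (N.bit_length() + 7) // 8       # modulus length in bytes


def digest_info(tbs: bytes) -> bytes:
    """Bytes the host hands to C_Sign when the mechanism is CKM_RSA_PKCS."""
    return SHA256_PREFIX + hashlib.sha256(tbs).digest()


def token_sign_ckm_rsa_pkcs(data: bytes) -> bytes:
    """Hypothetical stand-in for C_SignInit/C_Sign with CKM_RSA_PKCS:
    pads with block type 01 and applies the private key; it does not hash."""
    if len(data) > K - 11:
        raise ValueError("input too long for modulus")
    em = b"\x00\x01" + b"\xff" * (K - len(data) - 3) + b"\x00" + data
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")


def verify_pkcs1_sha256(tbs: bytes, sig: bytes, n: int, e: int) -> bool:
    """What the CA does with the CSR: public-key operation using only (n, e)."""
    k = (n.bit_length() + 7) // 8
    if len(sig) != k or int.from_bytes(sig, "big") >= n:
        return False
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    t = digest_info(tbs)
    return em == b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


# Constructed placeholder for the DER-encoded CertificationRequestInfo.
TBS = b"constructed stand-in for DER CertificationRequestInfo"
SIG_OK = token_sign_ckm_rsa_pkcs(digest_info(TBS))
# Common mistake: handing the bare hash (no DigestInfo) to CKM_RSA_PKCS.
SIG_BARE_HASH = token_sign_ckm_rsa_pkcs(hashlib.sha256(TBS).digest())
```

The signature made over the bare hash is a well-formed RSA block but fails verification, which is the symptom a CA would report as a bad CSR signature.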