On Monday 04 August 2003 21:15, David Mattes wrote:
> hi,
>
> i'm trying to use OpenSSL s_client with OpenSC PKCS#15 engine. the
> engine works for operations such as key generation and PKCS#1
> signatures. i've modified the s_client code to be able to use a private
> key on the smartcard via the OpenSC engine. i'm running into some
> problems with computing signatures for the SSL client verify. i think
> the problem is that ssl client verification is a signature computed over
> concatenated MD5 and SHA1 hashes of ssl handshake messages. on the
> other hand PKCS#1 signature generation expects a DigestInfo structure,

Not necessarily, what you need here is to compute a CKM_RSA_PKCS (pkcs11)
signature and OpenSC should support this mechanism (if the smartcard key
supports it).

> which also contains the algorithm identifier for the hash. since there
> is no algorithm identifier for MD5-SHA1 concatenation, the opensc engine
> doesn't know what to do with the incoming data. can anybody confirm
> this? does anybody have some suggestions how to properly address this
> issue?
>
> here are the error messages generated during the connection attempt.
> i'm using opensc-20030701 snapshot and openssl-0.9.7b.

As the OpenSC padding code has been changed recently please try a more
recent OpenSC snapshot.

Note: I've successfully tested client authentication using Mozilla with
the OpenSC pkcs11 lib.

Nils
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
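
Added example, not part of the original thread or of OpenSSL/OpenSC code: a Python sketch of the two inputs discussed above, the 36-byte MD5||SHA-1 value that TLS 1.0 client verify signs and a SHA-1 DigestInfo, both wrapped in the PKCS#1 block type 1 padding that a CKM_RSA_PKCS-style raw signature applies. The function names, the 128-byte modulus size and the handshake bytes are assumptions made for illustration.

```python
import hashlib

# DER prefix of DigestInfo for SHA-1 (15 bytes), followed by the 20-byte digest.
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")
HANDSHAKE = b"constructed handshake transcript"  # constructed sample input
K = 128  # modulus length in bytes (1024-bit key), an assumption

def tls10_verify_input(handshake: bytes) -> bytes:
    """36-byte MD5 || SHA-1 value signed for TLS 1.0 RSA client verify."""
    return hashlib.md5(handshake).digest() + hashlib.sha1(handshake).digest()

def sha1_digestinfo(message: bytes) -> bytes:
    """What a hash-aware PKCS#1 signer pads: algorithm identifier plus digest."""
    return SHA1_DIGESTINFO_PREFIX + hashlib.sha1(message).digest()

def pkcs1_type1_pad(payload: bytes, k: int) -> bytes:
    """Block type 1: 00 01 FF..FF 00 || payload. The payload is opaque here,
    which is why a raw RSA-PKCS signature accepts data without a DigestInfo."""
    if len(payload) > k - 11:
        raise ValueError("payload too long for modulus")
    return b"\x00\x01" + b"\xff" * (k - len(payload) - 3) + b"\x00" + payload

def unpad(em: bytes) -> bytes:
    """Strip block type 1 padding, as done after the RSA public operation."""
    if em[:2] != b"\x00\x01":
        raise ValueError("bad block type")
    sep = em.index(b"\x00", 2)
    if sep < 10 or set(em[2:sep]) != {0xFF}:
        raise ValueError("bad padding")
    return em[sep + 1:]

def classify_payload(payload: bytes) -> str:
    """How a signer that insists on DigestInfo would see its input."""
    if len(payload) == 35 and payload.startswith(SHA1_DIGESTINFO_PREFIX):
        return "DigestInfo(SHA-1)"
    if len(payload) == 36:
        return "raw MD5||SHA-1, no algorithm identifier"
    return "unknown"

if __name__ == "__main__":
    for payload in (tls10_verify_input(HANDSHAKE), sha1_digestinfo(HANDSHAKE)):
        em = pkcs1_type1_pad(payload, K)
        print(len(payload), classify_payload(unpad(em)), em[:4].hex())
```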