> > The private key used to sign the OCSP Request
>
> did you read the quickstart section in [1] ? The value for
> the key argument should contain the slotId + key Id.
>
> Cheers,
> Nils
>
> [1] http://www.opensc-project.org/engine_pkcs11/wiki/QuickStart

This HSM in particular (RealSec's CryptoSec at http://www.realsec.com/esp/servicios/cifrado.html) does not store private keys; it's only a crypto-accelerator.

I've begun analyzing the pkcs11_engine's code and so far I see that file p11_ops.c (from the underlying libp11 project) does not implement the PKCS11_private_encrypt function. Even though it implements a PKCS11_sign function, my belief is that OpenSSL's RSA signature callout directly invokes the hash/encrypt methods, hence the error code when executing the signed OCSP Request.

Note that the same may be happening when executing OpenSSL's 'rsautl', which is the ticket still open at the OpenSC project.

Regards,
Jesus