Shouldn't you have a different signing procedure when using the CKM_RSA_PKCS mechanism?
http://www.opensc-project.org/opensc/browser/trunk/src/tools/pkcs11-tool.c#L927 CKM_RSA_PKCS only support single-part signatures, thus only the C_Sign and not C_SignUpdate/C_SignFinal. This also applies to some other mechanisms. Perhaps use a similar solution as in the signature testing code? http://www.opensc-project.org/opensc/browser/trunk/src/tools/pkcs11-tool.c#L2401 But also with maximum length checking for the input data, so that you do not exceed the maximum length for the selected key. // Rickard
PGP.sig
Description: PGP signature
_______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
