Jan Just Keijser wrote:
Jean-Michel Pouré - GOOZE wrote:
On Fri, 2010-05-07 at 12:36 +0200, Jan Just Keijser wrote:
I will test it with openssl 0.9.8 next week
I think the alternative would be to generate the keys/certificates
outside the smartcard and transfer them to smartcard.
Everything is explained here:
http://www.gooze.eu/howto/smartcard-quickstarter-guide/generating-transferring-and-extracting-x-509-certificates
These are two separate test:
I can generate onboard keys if i use pcsc-lite-1.5.6-svn-* .
The second test is:
A valid private key + certificate are transferred to the smartcard
(using pkcs15-init -X/-S); I cannot sign a certificate request using the
key on the smartcard no matter which version of pcsc-lite I try. I will
try this in combination with openssl 0.9.8 this week.
I ran into this problem when trying to use the engine code with the private key,
from the openssl req command.
The load_key would always pass in FORMAT_PEM rather then FORMAT_ENGINE
The attached mode uses -keyform engine
The patch was to an early 0.9.8 version.
openssl << EOT
engine dynamic -vvvv -pre SO_PATH:$OPENSC_ENGINE/engines/engine_pkcs11.so
-pre ID:pkcs11 -pre NO_VCHECK:1 -pre LIST_ADD:1 -pre LOAD
-pre MODULE_PATH:$OPENSC_PATH/opensc-pkcs11.so
version
req $SSLEAY_CONFIG -engine pkcs11 -md5 -new -key slot_0-id_$ID
-keyform engine -out cards/$1.myreq.$KEYID.pem -text
EOT
Note lines were wrapped for this e-mail.
cheers,
JJK
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
--
Douglas E. Engert <deeng...@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
--- apps/,x509.c Sat Jul 16 06:13:03 2005
+++ apps/x509.c Fri May 5 11:07:47 2006
@@ -964,7 +964,7 @@
else
{
pk=load_key(bio_err,
- keyfile, FORMAT_PEM, 0,
+ keyfile, keyformat /*FORMAT_PEM*/, 0,
passin, e, "request key");
if (pk == NULL) goto end;
}
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel