I've tested your mods and they work well =). I can sign and verify with most EC keys (I've tested with p-192, p-224, p-384 and p-521). However I cannot load public keys when using p-521 curves. It seems that I can load the private key and sign, but the public key is not loaded.
I confess that I didn't look much at engine_pkcs11 source code, but if you could give me some appointments I can try to fix that. OpenSSL error is the following, after loading the key: error:10067066:elliptic curve routines:ec_GFp_simple_oct2point:invalid encoding Regards, 2011/8/13 Felipe Blauth <f...@inf.ufsc.br> > Thank you, I'll check it out. > > 2011/8/12 Douglas E. Engert <deeng...@anl.gov> > > No it has not been incorporated because it requires an OpenSSL >> internal header file ecs_locl.h, thus making it impractical to >> compile in to any package. >> >> This is a known bug: >> >> http://rt.openssl.org/Ticket/Display.html?id=2459&user=guest&pass=guest >> >> It also appeared on the OpenSSL mailing list. >> >> The patch should still work. Please try it, and you can >> also add comments to the OpenSSL bug report. >> >> >> On 8/12/2011 2:12 PM, Felipe Blauth wrote: >> > Hello. >> > >> > I've started using engine_pkcs11 to access PKCS #11 tokens from OpenSSL >> EVP_PKEY's trough "ENGINE_load_<key_type>_key" methods. It works very well >> with RSA keys, but it doesn't recognize ECDSA keys. >> > >> > Searching trough the web, I've found that Douglas had a patch for it at >> http://www.mail-archive.com/opensc-devel@lists.opensc-project.org/msg07785.html >> . >> > >> > Was that ever incorporated? I couldn't find in the latest snapshots. >> > >> > Thank you very much. >> > >> > -- >> > Felipe Menegola Blauth >> > >> > >> > >> > _______________________________________________ >> > opensc-devel mailing list >> > opensc-devel@lists.opensc-project.org >> > http://www.opensc-project.org/mailman/listinfo/opensc-devel >> >> -- >> >> Douglas E. Engert <deeng...@anl.gov> >> Argonne National Laboratory >> 9700 South Cass Avenue >> Argonne, Illinois 60439 >> (630) 252-5444 >> _______________________________________________ >> opensc-devel mailing list >> opensc-devel@lists.opensc-project.org >> http://www.opensc-project.org/mailman/listinfo/opensc-devel >> > > > > -- > Felipe Menegola Blauth > -- Felipe Menegola Blauth
_______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
