On Nov 10, 2011, at 3:40 PM, Alon Bar-Lev wrote: > On Thu, Nov 10, 2011 at 4:06 PM, weizhong qiang <weizhongqi...@gmail.com> > wrote: >> As I mentioned that I need to use EEC credential to generate a proxy >> credential (process is the same as you use CA credential to generate a EEC >> credential). >> The the generation step, I need to use X509_sign (int X509_sign(X509 *x, >> EVP_PKEY *pkey, const EVP_MD *md)) which needs private key for signing a >> X509 certificate. >> That is the reason I need to take private key out. >> Could you tell me how to use pkcs11-helper lib to sign a certificate without >> taking the private key out? to use pkcs11h_certificate_sign? >> Thanks >> Weizhong Qiang >> >> >> > > No, you should use X509_sign(). > Why not use EVP_PKEY_assign_RSA(pk,rsa) and use pk?
This pk here assigned seems to be public key. > Not sure but maybe X509_set_pubkey(x509,pk) will be needed. I need the private key to sign a X509 certificate, not the public key. Weizhong _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
