On Thu, Nov 10, 2011 at 5:12 PM, weizhong qiang <weizhongqi...@gmail.com> wrote:
>
> On Nov 10, 2011, at 3:40 PM, Alon Bar-Lev wrote:
>
>> On Thu, Nov 10, 2011 at 4:06 PM, weizhong qiang <weizhongqi...@gmail.com> wrote:
>>> As I mentioned, I need to use an EEC credential to generate a proxy
>>> credential (the process is the same as when you use a CA credential to
>>> generate an EEC credential).
>>> In the generation step, I need to use X509_sign (int X509_sign(X509 *x,
>>> EVP_PKEY *pkey, const EVP_MD *md)), which needs the private key for signing
>>> an X509 certificate.
>>> That is the reason I need to take the private key out.
>>> Could you tell me how to use the pkcs11-helper lib to sign a certificate
>>> without taking the private key out? To use pkcs11h_certificate_sign?
>>> Thanks
>>> Weizhong Qiang
>>
>> No, you should use X509_sign().
>> Why not use EVP_PKEY_assign_RSA(pk,rsa) and use pk?
>
> This pk here assigned seems to be the public key.
>
>> Not sure but maybe X509_set_pubkey(x509,pk) will be needed.
>
> I need the private key to sign an X509 certificate, not the public key.

The X509 object represents the certificate, within which you can find the public key. The RSA object represents the private key; you can convert it to EVP_PKEY using the above code.

This is not the OpenSSL list, I guess you need to switch lists.
Your question is: Provided I have X509 and RSA objects, how can I use X509_sign().

Maybe you will find this[1] helpful.

Alon.

[1] http://src.gnu-darwin.org/src/crypto/openssl/demos/selfsign.c.html