This is from X509_certificate_type() in x509type.c: switch (pk->type) { case EVP_PKEY_RSA: ret=EVP_PK_RSA|EVP_PKT_SIGN; /* if (!sign only extension) */ ret|=EVP_PKT_ENC; Is there an intention to alter this routine so that an RSA public key can be designated for signatures only? Thanks in advance. - Dave Clark ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]