Hi,

[EMAIL PROTECTED] (Arnaud Ebalard) writes:

>> If a token supports it but the PKCS#11 ENGINE has no equivalent that's
>> an ENGINE implementation issue.
>
> I just took some minutes to look at the code and RSA_sign()
> implementation in libp11 (PKCS11_sign() in p11_ops.c) basically makes a
> direct PKCS#11 call (C_Sign and CKM_RSA_PKCS) after the hash length
> check and OID additions when OpenSSL calls RSA_private_encrypt().
>
> In libp11, the implementation of RSA_private_encrypt() is an empty shell
> that simply returns "Not supported".
>
> In the end, if I follow your first comment (C_Sign and the CKM_RSA_PKCS
> mechanism are the PKCS#11 equivalent of RSA_private_encrypt()), I don't
> see why the PKCS#11 call is not in the implementation of
> RSA_private_encrypt() in libp11, which would be called by RSA_sign().
>
> I will check that with the libp11 developers and stop the noise on
> openssl-dev. I'll make a post here at the end of the story.

Last week, I submitted a patch to OpenSC developers, which adds support
in libp11 for PKCS11_private_encrypt() (the handler used when OpenSSL
RSA_private_encrypt() is called). It has been accepted, committed to their
SVN and is now available in the recently released 0.2.4 version.

Cheers,

a+
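The layering discussed in this thread, as an added example that is not part of the original message and is not libp11 or OpenSSL code: a pure-Python model in which the signing path is the hash length check and DigestInfo (OID) prefix followed by the generic PKCS#1 v1.5 type-1 private-key operation, which is what C_Sign with CKM_RSA_PKCS performs. The function names are hypothetical and the key is a constructed, insecure toy key.

```python
import hashlib

# Constructed toy key built from two Mersenne primes: insecure, illustration only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# DER-encoded DigestInfo header for SHA-1 (the "OID addition" done by RSA_sign).
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")


def private_encrypt(data: bytes) -> bytes:
    """Models RSA_private_encrypt() with PKCS#1 padding, i.e. C_Sign with
    CKM_RSA_PKCS: pad the caller's bytes as block type 1, then apply d."""
    if len(data) > K - 11:
        raise ValueError("input too long for this modulus")
    em = b"\x00\x01" + b"\xff" * (K - len(data) - 3) + b"\x00" + data
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")


def rsa_sign_sha1(digest: bytes) -> bytes:
    """Models RSA_sign(NID_sha1, ...): length check, DigestInfo, then the
    generic private-key operation above."""
    if len(digest) != hashlib.sha1().digest_size:
        raise ValueError("not a SHA-1 digest")
    return private_encrypt(SHA1_DIGESTINFO + digest)


def public_decrypt(sig: bytes) -> bytes:
    """Inverse of private_encrypt(): apply e, then strictly strip type-1 padding."""
    if len(sig) != K or int.from_bytes(sig, "big") >= N:
        raise ValueError("signature out of range")
    em = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    sep = em.find(b"\x00", 2)
    if em[:2] != b"\x00\x01" or sep < 10 or em[2:sep] != b"\xff" * (sep - 2):
        raise ValueError("bad PKCS#1 v1.5 padding")
    return em[sep + 1:]


def verify_sha1(message: bytes, sig: bytes) -> bool:
    try:
        return public_decrypt(sig) == SHA1_DIGESTINFO + hashlib.sha1(message).digest()
    except ValueError:
        return False
```

In this model, an engine that implements only the signing path cannot serve callers that pass arbitrary bytes to the private-key operation, which is the gap the patch described above closes.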
