On Fri, 2015-12-18 at 16:46 +0100, Nikos Mavrogiannopoulos wrote:
> On Thu, 2015-12-17 at 22:06 +0000, Blumenthal, Uri - 0553 - MITLL
> wrote:
> > I’m playing with RSA-PSS and PKCS11 engine (in OpenSSL, of course :).
> [...]
> > But this doesn’t:
> >
> > $ openssl dgst -engine pkcs11 -keyform engine -verify
> > "pkcs11:object=SIGN%20pubkey;object-type=public" -sha256 -sigopt
>
> The current implementation of engine_pkcs11 seems to work with private
> keys and certificates only. I've added a fix in engine_pkcs11, but it
> seems that public key types were never tested for PKCS#11 URLs.

Yes, mea culpa. I added the basic PKCS#11 URI parsing, and failed to
test it with public keys.

I still suspect we should be using p11kit and not reimplementing the
PKCS#11 URI parsing for ourselves.

But really I want the whole engine to die and PKCS#11 to be supported
as a first-class citizen within OpenSSL in crypto/p11/...

-- 
dwmw2
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
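
Added example, not part of the original thread and not engine_pkcs11's code: a minimal parser for the URI form quoted above. It percent-decodes `object` and maps `object-type` (spelled `type` in RFC 7512) to an object class, so `public` is recognised alongside `private` and `cert`, and unknown types are rejected. All type and function names are hypothetical.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

enum obj_type { OBJ_ANY, OBJ_CERT, OBJ_PUBLIC, OBJ_PRIVATE };
struct p11_uri { char object[64]; enum obj_type type; }; /* hypothetical, not engine_pkcs11's */
static int is(const char *s, size_t n, const char *lit) { return strlen(lit) == n && !memcmp(s, lit, n); }

/* Percent-decode n bytes of src into dst (capacity cap); -1 on malformed input. */
static int pct_decode(const char *src, size_t n, char *dst, size_t cap) {
    size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        int c = (unsigned char)src[i];
        if (c == '%') {
            if (i + 2 >= n) return -1;                      /* truncated escape */
            char hex[3] = { src[i + 1], src[i + 2], '\0' };
            if (!isxdigit((unsigned char)hex[0]) || !isxdigit((unsigned char)hex[1])) return -1;
            c = (int)strtol(hex, NULL, 16); i += 2;
        }
        if (c == 0 || o + 1 >= cap) return -1;              /* embedded NUL or too long */
        dst[o++] = (char)c;
    }
    dst[o] = '\0'; return 0;
}

/* Parse "pkcs11:attr=value;..."; attributes other than object and type are skipped. */
int p11_uri_parse(const char *uri, struct p11_uri *out) {
    memset(out, 0, sizeof *out);
    if (strncmp(uri, "pkcs11:", 7) != 0) return -1;
    for (const char *p = uri + 7; *p; p += (*p == ';')) {
        size_t len = strcspn(p, ";");
        const char *eq = memchr(p, '=', len);
        if (!eq) return -1;
        size_t k = (size_t)(eq - p), vlen = len - k - 1;
        if (is(p, k, "object")) {
            if (pct_decode(eq + 1, vlen, out->object, sizeof out->object)) return -1;
        } else if (is(p, k, "type") || is(p, k, "object-type")) { /* RFC 7512 name, thread's name */
            if (is(eq + 1, vlen, "cert")) out->type = OBJ_CERT;
            else if (is(eq + 1, vlen, "public")) out->type = OBJ_PUBLIC;
            else if (is(eq + 1, vlen, "private")) out->type = OBJ_PRIVATE;
            else return -1;                                 /* fail closed on unknown type */
        }
        p += len;
    }
    return 0;
}

int main(void) { /* constructed input: the URI form quoted in the thread */
    return p11_uri_parse("pkcs11:object=SIGN%20pubkey;object-type=public", &(struct p11_uri){ { 0 }, OBJ_ANY }) != 0;
}
```

A regression test that covers every accepted type value, `public` included, catches the untested-path gap the thread describes.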