Hi
Try the following:
1) get the req_info from the req.
2) i2d the req_info structure
3) hash it
4) sign it using your smart card. You will not have the private key, but
you will have a handle to the pubkey and privkey when you created your
keypair.
5) set the signature bits int eh request.
Don't forget to set signature algorithm identifiers at appropriate places in
the req.
I tried something similar and it worked for me.
Thanx
Himanshu Soni
-----Original Message-----
From: Adam Hernik [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 17, 2001 6:07 AM
To: [EMAIL PROTECTED]
Subject: RE: Making PKCS#10 request without a private key
> I'm trying to make a PKCS#10, without having access to the RSA
> private key.
> The keypair is generated in a smartcard so I only have access to
> the public
> key.
>
> Normally when I generate a PKCS#10 (when I also have access to the private
> key) my code ends up with signing the request.
> Something like this:
> ...
> X509_REQ_sign(pReq, pKey, EVP_sha1())
>
> Obviously I can't sign the request when I don't have the private key.
> So the (maybe stupid) question is:
> Is it at all possible somehow to make a PKCS#10 without a private key?
Sorry maybe I'm stupid but why can't sign request ?
Are you using RSA or memory smartcard ?
What kind card do you try to use ? If you know pin
it's easy to use RSA smartcard encryption/decryption.
--
Adas
--------------------------------------
Don't marry be happy !!!
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
