On 06/30/2011 11:25 AM, James Berry wrote:
Hi:
I need to sign a challenge string using the private key present on a
smartcard. The smartcard has a PKCS11-compliant library and I have
been able to open the card etc with the PKCS11 driver.
Now I would like to sign a message in PKCS7 format to be sent
elsewhere for verification. That verification is going to happen on a
server running .net using the System.Cryptography.Pkcs.SignedCms class.
Whilst I can find reference on the net to openssl being able to create
PKCS7 signed messages, and also plug in a PKCS11 provider I can't find
any good example code for either, and being a beginner at openssl I
don't really know where to start. Do I need to use the open-sc PKCS11
engine?
That is the best -if not only- option, in my opinion.
I'm sorry but I cannot provide sample code, anyway you can also automate
the procedure by using OpenSSL with a batch command and writing a proper
openssl configuration file.
Can someone point me to some good examples that I can follow, or
outline what I'll need to do to put together what I would imagine is
quite a simple process "when you know how" :-)
Best wishes
James