- I hope that this question falls within the boundaries of opensc: -
Trying to sign with the means of a smartcard.
Only 1 Slot is used on the card, rest are empty.
Slot 1 contains 2 certs:
1. X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Data Encipherment, Key
Agreement
2. X509v3 Key Usage: critical
Non Repudiation
The request from receiver is to sign with Non-Repud.
What pkcs11-tool does is that it choses ONLY the key/cert defined as
"critical digital signature", even if I choses a different ID. The program
will not take into consideration that I am changing ID from 00 to 01. I dont
even have to apply ID, but I have to apply correct slot. Here is the
commanline:
pkcs11-tool --login --sign --slot-label BEID --slot 1 --id 01 --module
/usr/lib/libiidp11.so.5.6.0.44 -m SHA1-RSA-PKCS -v -i $1 -o $2
I take into consideration that signing with Non-Repud is formally incorrect,
but this I do not know anything about, and that pkcs11-tool automatically
choses the "correct" ID.
A question is of course if I am setting the command line up correctly with
all the switches necessary to achieve my goal. - In case I will regret;
could anybody in case tell me how to do it?
S
--
View this message in context:
http://old.nabble.com/Why-pkcs11-tool-do-not-chose-signing-with-certs-classified-as-Non-Repud-tp32951305p32951305.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
