Thank you for the reply. The news about OpenSSL 0.9.5 dev is pleasing; thanks. Your comments about doing RSA private encrypt via PKCS#11 confuse me. Perhaps I am reading two points as one? How do I use the C_Sign() and C_VerifyRecover()? I'm a bit confused about what that paragraph means. Is it true that I cannot do the RSA_private_encrypt(MD5+SHA1) operation via PKCS#11 by using the C_Sign() function? I figure that the only possible way to perform that operation would be to call C_Encrypt() and passing it the private key, which I haven't been able to get to work so far. Regards, Steven > -----Original Message----- > From: Dr Stephen Henson [SMTP:[EMAIL PROTECTED]] > Sent: Sunday, January 16, 2000 4:18 AM > To: [EMAIL PROTECTED] > Subject: Re: Trying to use PKCS#11 from within SSL > > PKCS#11 does support RSA_private_encrypt(), RSA_public_decrypt() but > individual libraries may not. You need the mechanism CKM_RSA_PKCS and > the functions C_Sign() and C_VerifyRecover(). Its the last one that can > prove a problem. With OpenSLL 0.9.5 you can use C_Verify() instead. > ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]