-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I'm writing a little howto on using HSMs, part of which is about openssl's EVP API, and the pkcs11 engine that came with opensc.

While I do have it working with the few pieces of hardware I have here, I do wonder about a few things. The first of these has to do with EVP_SignInit_ex (and probably the other _Init_ex functions):

(if this is the wrong list, please accept my apologies and point me to the right one)

I've initialized the engine with ENGINE_by_id and the id 'pkcs11' and ENGINE_init(engine).

It does not seem to matter what id I gave it in my OPENSSL_CONF file. Is the name hardcoded somewhere (if not this question should probably go to an openssl list)?

Then I load an RSA key from the engine, which also works.

Now I can initialize a signing operation by using
EVP_SignInit_ex(ctx, EVP_sha1(), NULL);
but not
EVP_SignInit_ex(ctx, EVP_sha1(), engine);
because the engine does not seem to have any digest algorithm implementations (in fact, I think the list of implementations is not just empty, it's null).

My guess would be that the signing itself uses the engine because the key references it (because I got it with ENGINE_load_private_key())

Does the pkcs11 engine only implement signing/encrypting/etc and no digests? Or did I miss an initialization step somewhere?

Thanks in advance,
Jelte
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFH/Hlo4nZCKsdOncURAjLEAJ40icPmFPpy0F1IN5uvxRH5avSHbwCd
E3Wg
2cmGkEfAPwNiZCGFc1RffNQ=
=lJYf
-----END PGP SIGNATURE-----
_______________________________________________
opensc-user mailing list
opensc-user lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-user