Hi,

I am using charon and I need to access a private key sitting on a smartcard through an openssl RSA engine. I have set up engine_pkcs11 and opensc and got access to such a secret stored on a smartcard, and it worked nicely.

However, I have another smartcard chip that doesn't allow me to do a raw RSA sign of a digest. It only allows me to do a SHA1/RSA PKCS1.5 combination, i.e. it expects me to pass it the whole message, not just the digest, and it will do both the digest and the signing. But using the RSA engine, I seem to only get the digest given to me, which can't work with the smartcard I have. Changing the smartcard chip is not a solution because this is an embedded system with the chip built in.

I think the solution is to create an openssl digest engine for sha1withrsaencryption. I imagine if I did that, then strongswan would pass me the whole message and I can pass that to my smartcard to do the whole sha1withrsaencryption operation.

Does the digest engine approach make sense?

Regards,
Dimitrios Siganos
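
An added example, not part of the original post and not strongSwan, OpenSSL or OpenSC code: a Python model of the two signing interfaces described above, showing that a card which hashes internally yields a valid sha1WithRSAEncryption signature only when it is handed the full message. The RSA key is a constructed toy key and all function names are hypothetical.

```python
import hashlib

# Constructed toy RSA key from two Mersenne primes: illustration only, not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

# DER prefix of DigestInfo for SHA-1 (RFC 8017, section 9.2).
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")


def emsa_pkcs1_v15(digest: bytes) -> bytes:
    """Pad a SHA-1 digest: 00 01 FF..FF 00 || DigestInfo || digest."""
    t = SHA1_DIGESTINFO + digest
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def raw_rsa(block: bytes) -> bytes:
    """Private-key operation on an already padded block."""
    return pow(int.from_bytes(block, "big"), D, N).to_bytes(K, "big")


def sign_digest(digest: bytes) -> bytes:
    """First card (hypothetical model): host hashes, card pads and signs."""
    return raw_rsa(emsa_pkcs1_v15(digest))


def card_sign_message(data: bytes) -> bytes:
    """Second card (hypothetical model): card hashes its input, then signs."""
    return raw_rsa(emsa_pkcs1_v15(hashlib.sha1(data).digest()))


def verify(message: bytes, sig: bytes) -> bool:
    """Standard sha1WithRSAEncryption verification with the public key."""
    em = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    return em == emsa_pkcs1_v15(hashlib.sha1(message).digest())


message = b"constructed sample message"
digest = hashlib.sha1(message).digest()
print(verify(message, sign_digest(digest)))         # digest-level signing
print(verify(message, card_sign_message(message)))  # card given the full message
print(verify(message, card_sign_message(digest)))   # card given only the digest
```

In the third call the card hashes the 20-byte digest again, so the signature covers SHA1(SHA1(message)) and standard verification rejects it.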
