Come on, folks. Don't give in to cleartext private keys.

Have openssl generate a cert, any cert. Use the cardedge to move the cert DER into an alloced region of the muscle's applet memory manager. Don't even decode the DER. At fixed byte offsets (use openssl to produce, it's a pretty print option) for public key p, and sig s, insert the fixed-size public key blob @p, then use the existing hash and signature methods on the EEPROM buffer to generate the cryptogram and overwrite the existing signature bytes @s. Output result via cardedge to the PC, and feed in to openssl -req -arg=use-certtemplate-not-PKCS#10

The applet really doesn't have to do very much it cannot already do: all that it needs to know is the offsets of the public and signature X.509 fields in the DER encoding. Everything else is there. Worry about generalization of key lengths and alg options later. Just do sha1WithRSA and 768-bit RSA for now.


_______________________________________________ Muscle mailing list [EMAIL PROTECTED] http://lists.drizzle.com/mailman/listinfo/muscle
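
Added example, not part of the original post or of the MUSCLE code: a host-side sketch that computes the fixed offsets the post relies on (the signed TBSCertificate span, the RSA modulus, and the signature bytes) from a DER template. The skeleton certificate, its filler bytes and all function names are constructed for illustration; it assumes an RSA key and a template without extensions.

```python
# Added example. Constructed skeleton DER (0xAA key filler, 0xBB signature filler), not a real cert.
def tlv(tag, body):
    """Encode one DER TLV with a definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body

def read(der, pos):
    """Return (tag, tlv_start, content_start, content_end) for the TLV at pos."""
    first, start, n = der[pos + 1], pos + 2, der[pos + 1]
    if first & 0x80:
        k = first & 0x7F
        start, n = pos + 2 + k, int.from_bytes(der[pos + 2:pos + 2 + k], "big")
    if start + n > len(der):
        raise ValueError("truncated DER")
    return der[pos], pos, start, start + n

def children(der, start, end):
    """Parse the consecutive TLVs found in der[start:end]."""
    out = []
    while start < end:
        out.append(read(der, start))
        start = out[-1][3]
    return out

def template_offsets(der):
    """Byte ranges of the signed TBS span, the RSA modulus and the signature."""
    cert = read(der, 0)
    tbs, _alg, sig = children(der, cert[2], cert[3])
    fields = children(der, tbs[2], tbs[3])
    spki = fields[6 if fields[0][0] == 0xA0 else 5]   # version [0] is optional
    keybits = children(der, spki[2], spki[3])[1]      # subjectPublicKey BIT STRING
    rsa = read(der, keybits[2] + 1)                   # +1 skips unused-bits octet
    mod = children(der, rsa[2], rsa[3])[0]
    pad = 1 if der[mod[2]] == 0 else 0                # DER sign octet before modulus
    return {"tbs": (tbs[1], tbs[3]), "modulus": (mod[2] + pad, mod[3]),
            "signature": (sig[2] + 1, sig[3])}

def build_skeleton(n=96):
    """Constructed sha1WithRSA template; n = key size in bytes (96 = 768 bits)."""
    oid = lambda last: tlv(0x30, tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01" + last) + tlv(0x05, b""))
    rsa = tlv(0x30, tlv(0x02, b"\x00" + b"\xAA" * n) + tlv(0x02, b"\x01\x00\x01"))
    spki = tlv(0x30, oid(b"\x01") + tlv(0x03, b"\x00" + rsa))
    name, validity = tlv(0x30, b""), tlv(0x30, tlv(0x17, b"000101000000Z") * 2)
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + oid(b"\x05")
              + name + validity + name + spki)
    return tlv(0x30, tbs + oid(b"\x05") + tlv(0x03, b"\x00" + b"\xBB" * n))
```

The `tbs` range is the only span the hash and signature should cover, and the offsets are valid for one key length only: a different modulus size changes the DER length octets and shifts every later field.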
