hi,

yesterday we discovered a slight nuisance in pkcs11-tool: when you generate a private key on a token (Aladdin eToken in our case) then pkcs11-tool hardcodes
  publicExponent = 3
Turns out that this is almost the worst exponent you can choose, read e.g.
  http://www.mail-archive.com/[EMAIL PROTECTED]/msg06537.html
for details.

I've tried changing the publicExponent to 65537 (and changed the type from CK_BYTE to CK_ULONG) but this caused the eToken to never return a private key. Most likely it was choking on the exponent being too big...

Would it make sense to increase the default PublicExponent to something bigger, e.g. 199? Or would it perhaps make sense to add the public Exponent as a command-line option to pkcs11-tool?

The command used to generate the private key was:
  pkcs11-tool --module etpkcs11.dll --keypairgen --key-type rsa:2048 --login --id 1234 --label "RSA key"
cheers,
JJK / Jan Just Keijser
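
Added example (not part of the original message and not pkcs11-tool code) for the exponent change described above: PKCS#11 specifies CKA_PUBLIC_EXPONENT as a Big integer, a byte string with the most significant byte first, so the block encodes 65537 that way and shows what a Big-integer reader gets from the raw memory of a 32-bit integer variable. CK_BYTE_EX and the function names are assumptions standing in for pkcs11.h.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: stand-in for CK_BYTE so this builds without pkcs11.h;
 * the function names below are illustrative, not part of any library. */
typedef unsigned char CK_BYTE_EX;

/* Encode e as a minimal big-endian byte string (PKCS#11 "Big integer").
 * Returns the number of bytes written, or 0 if e == 0 or out is too small. */
size_t encode_public_exponent(uint64_t e, CK_BYTE_EX *out, size_t outlen)
{
    size_t n = 0;
    for (uint64_t t = e; t != 0; t >>= 8)
        n++;
    if (n == 0 || n > outlen)
        return 0;
    for (size_t i = 0; i < n; i++)
        out[i] = (CK_BYTE_EX)(e >> (8 * (n - 1 - i)));
    return n;
}

/* Read a byte string the way a Big integer is defined: MSB first. */
uint64_t read_big_integer(const CK_BYTE_EX *p, size_t len)
{
    uint64_t v = 0;
    for (size_t i = 0; i < len && i < sizeof v; i++)
        v = (v << 8) | p[i];
    return v;
}

/* Value seen when a template points at a 32-bit integer variable holding e. */
uint64_t misread_raw_integer(uint32_t e)
{
    CK_BYTE_EX raw[sizeof e];
    memcpy(raw, &e, sizeof e);
    return read_big_integer(raw, sizeof raw);
}

int main(void)
{
    CK_BYTE_EX buf[8];
    size_t n = encode_public_exponent(65537, buf, sizeof buf);
    printf("65537 as Big integer (%zu bytes):", n);
    for (size_t i = 0; i < n; i++)
        printf(" %02x", buf[i]);
    printf("\nraw variable read as Big integer: %llu\n",
           (unsigned long long)misread_raw_integer(65537));
    return 0;
}
```

On a little-endian host the raw variable reads back as an even number rather than 65537, which is not a usable RSA public exponent.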