On Thu, Nov 10, 2011 at 2:08 PM, weizhong qiang <weizhongqi...@gmail.com> wrote: >> OpenSSL is fully compatible with this approach, having RSA object that >> can be used for crypto operation without actually having the private >> key. This is done via the concept of "engine" which delegate the >> crypto calls to the hardware device. > > Should I installed the "engine_pkcs11" to get the nss softoken work? >
Hmmm..... What EXACTLY are you trying to do? Why do you use the NSS soft token and access it via OpenSSL? Either stick with NSS or use OpenSSL. Where is the hardware device? Which component's PKCS#11 are you trying to access? >> Try to perform private key operation using the RSA object and see that it >> works. > > Do you mean that I should use RSA_sign instead of X509_sign? > Again, I am totally confused from the partial information you present. So I cannot know what is best for you, and even why you are using pkcs11-helper, as if I understand correctly you do not have hardware device at all. Alon. _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
