On Thu, Nov 10, 2011 at 4:06 PM, weizhong qiang <weizhongqi...@gmail.com> wrote: > As I mentioned that I need to use EEC credential to generate a proxy > credential (process is the same as you use CA credential to generate a EEC > credential). > The the generation step, I need to use X509_sign (int X509_sign(X509 *x, > EVP_PKEY *pkey, const EVP_MD *md)) which needs private key for signing a > X509 certificate. > That is the reason I need to take private key out. > Could you tell me how to use pkcs11-helper lib to sign a certificate without > taking the private key out? to use pkcs11h_certificate_sign? > Thanks > Weizhong Qiang > > >
No, you should use X509_sign(). Why not use EVP_PKEY_assign_RSA(pk,rsa) and use pk? Not sure but maybe X509_set_pubkey(x509,pk) will be needed. _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
