I have an Aladdin eToken, which differentiates signing and encryption
keys. The signing and encryption operation is different in the PKCS#11
API. They happen to work the same way with RSA, but they are different ones.
Look at apps/rsautl.c:272:

    case RSA_SIGN:
        rsa_outlen = RSA_private_encrypt(rsa_inlen,
                                         rsa_in, rsa_out, rsa, pad);

In crypto/rsa/rsa.h, there IS an rsa_sign function. It should be used.
The above is also true for verify.

    $ openssl rsautl -sign -engine pkcs11 -keyform engine -inkey id_45 -in file -out file.signed
    engine "pkcs11" set.
    PKCS#11 token PIN:
    RSA operation error
    9632:error:80009404:Vendor defined:PKCS11_rsa_encrypt:Not supported:p11_ops.c:107:
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List
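
Added example (not part of the original post, and not OpenSSL code): a pure-Python model of the two entry points the post contrasts. With a software key, signing is the private-encrypt primitive applied to a DigestInfo, so the results coincide; a token that only implements the sign operation cannot serve the private-encrypt call. The toy key and all function names are assumptions made for this illustration.

```python
import hashlib

# Toy RSA key from two Mersenne primes: constructed for this example, insecure.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# DER prefix of the PKCS#1 v1.5 DigestInfo structure for SHA-1.
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def sha1_digest(msg):
    return hashlib.sha1(msg).digest()

def type1_pad(data):
    """PKCS#1 v1.5 block type 1: 00 01 FF..FF 00 || data."""
    if len(data) > K - 11:
        raise ValueError("data too long for this modulus")
    return b"\x00\x01" + b"\xff" * (K - 3 - len(data)) + b"\x00" + data

def private_encrypt(data):
    """Models RSA_private_encrypt with PKCS#1 padding: pads the caller's bytes as given."""
    m = int.from_bytes(type1_pad(data), "big")
    return pow(m, D, N).to_bytes(K, "big")

def digest_info(msg):
    """What a sign call places under the padding: algorithm id plus hash."""
    return SHA1_PREFIX + sha1_digest(msg)

def sign(msg):
    """Models the software path of a SHA-1 RSA sign call."""
    return private_encrypt(digest_info(msg))

def verify(msg, sig):
    """Models the matching verify: public operation, then compare the whole block."""
    em = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    return em == type1_pad(digest_info(msg))

if __name__ == "__main__":
    msg = b"file contents"             # constructed sample input
    print(verify(msg, sign(msg)))                           # sign path
    print(verify(msg, private_encrypt(sha1_digest(msg))))   # bare hash, no DigestInfo
```
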