On 12/18/15, 10:46 , "openssl-dev on behalf of Nikos Mavrogiannopoulos" <openssl-dev-boun...@openssl.org on behalf of n...@redhat.com> wrote:
>On Thu, 2015-12-17 at 22:06 +0000, Blumenthal, Uri - 0553 - MITLL >wrote: >> I’m playing with RSA-PSS and PKCS11 engine (in OpenSSL, of course :). >[...] >> But this doesn’t: >> >> $ openssl dgst -engine pkcs11 -keyform engine -verify >> "pkcs11:object=SIGN%20pubkey;object-type=public" -sha256 -sigopt > >The current implementation of engine_pkcs11 seems to work with private >keys and certificates only. I've added a fix in engine_pkcs11, but it >seems that public key types were never tested for PKCS#11 URLs. I’ll be happy to help testing your fix(es). Am I correct assuming that the correct behavior would be retrieving the public key (or certificate) from the token? I could not find the code for that, perhaps it needs to be added? Thanks!
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
