Hello all,

Trying to build a Certificate Signing Request using external means for crypto operations (e.g. key pair generation, signing). I'm relying on demos/x509/mkreq.c and the code in crypto/x509/.

What I want to do is:
- use external engine to generate RSA key pair
- build X509_REQ as per mkreq.c
- sign its X509_REQ_INFO with my external engine (RSA PKCS #1 w/ SHA-256)
- plug this signature into X509_REQ

Now before digging further into the code, I was wondering if anyone could explain, on the spot:

1) how to set the CSR's (Subject-Public-Key-Info)->(Public-Key-Algorithm) to RSA-OAEP (this key pair is to be used for encryption/decryption); I see X509_PUBKEY_set, but is there any way I can just change the EVP structure to specify OAEP and just call X509_REQ_set_pubkey as in the example? I'm assuming EVP_CTX_ctrl only works for initialized contexts.

2) the exact sequence of d2i/i2d/getters/setters to:
- turn my X509_REQ_INFO into bytes, which I'll sign with my other engine
- turn those bytes into an ASN1_BIT_STRING which I'll plug into my X509_REQ
- set X509_REQ's sig_alg to something corresponding to "RSA PKCS #1 w/ SHA-256"

Thanks in advance :)
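The byte-level layout that question 2 is after, as an added example that is not part of the original post and is not OpenSSL code: it builds the DER by hand to show which bytes the external signer must receive and how its output is wrapped into the request. All function names are hypothetical, the modulus and signature are constructed placeholders, and the external signer is assumed to hash with SHA-256 and apply PKCS #1 v1.5 padding itself.

```python
def der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content

def der_int(n):
    # bit_length() // 8 + 1 bytes leaves room for a leading 0x00 when the top bit is set.
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def oid(dotted):
    parts = [int(p) for p in dotted.split(".")]
    body = bytes([40 * parts[0] + parts[1]])
    for p in parts[2:]:
        chunk = [p & 0x7F]
        p >>= 7
        while p:
            chunk.append(0x80 | (p & 0x7F))
            p >>= 7
        body += bytes(reversed(chunk))
    return tlv(0x06, body)

NULL = tlv(0x05, b"")
RSA_ENCRYPTION = tlv(0x30, oid("1.2.840.113549.1.1.1") + NULL)
SHA256_WITH_RSA = tlv(0x30, oid("1.2.840.113549.1.1.11") + NULL)  # sig_alg value

def rsa_spki(n, e):
    """SubjectPublicKeyInfo: algorithm, then RSAPublicKey inside a BIT STRING."""
    key = tlv(0x30, der_int(n) + der_int(e))
    return tlv(0x30, RSA_ENCRYPTION + tlv(0x03, b"\x00" + key))

def build_req_info(common_name, spki):
    """CertificationRequestInfo: version 0, subject CN, SPKI, empty [0] attributes."""
    cn = tlv(0x30, oid("2.5.4.3") + tlv(0x0C, common_name.encode()))
    subject = tlv(0x30, tlv(0x31, cn))
    return tlv(0x30, der_int(0) + subject + spki + tlv(0xA0, b""))

def assemble_csr(req_info, sign):
    # The external signer receives exactly the DER of CertificationRequestInfo.
    signature = sign(req_info)
    # BIT STRING content starts with the unused-bits octet, 0 for a signature.
    return tlv(0x30, req_info + SHA256_WITH_RSA + tlv(0x03, b"\x00" + signature))

# Constructed placeholders: not a real modulus, not a real signature.
CONSTRUCTED_N = int.from_bytes(b"\xc3" * 256, "big")
stub_signer = lambda tbs: b"\xaa" * 256
```

A request assembled with the stub has the right structure but will not verify; replacing `stub_signer` with the real signing call is the only change needed.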
