Re: [Cryptography-dev] Looking to sign certificates with pkcs11 key

2017-12-14 Thread Terje Elde
> On 14 Dec 2017, at 12:38, Paul Kehrer wrote:
>
> We discussed this in the past
> (https://github.com/pyca/cryptography/issues/1506) but now that we're
> dropping explicit backends the proposed solutions in that issue don't really
> apply

Re: [Cryptography-dev] Looking to sign certificates with pkcs11 key

2017-12-14 Thread Paul Kehrer
We discussed this in the past (https://github.com/pyca/cryptography/issues/1506) but now that we're dropping explicit backends the proposed solutions in that issue don't really apply. Probably the easiest path is just to sign your certificate with a dummy key and then call `tbs_certificate_bytes`

[Cryptography-dev] Looking to sign certificates with pkcs11 key

2017-12-14 Thread Terje Elde
Hi! I’m looking to set up a solution where an intermediate CA signs certificates using a pkcs11-accessible private key. Doing this without pkcs11 seems pretty straightforward thanks to pyca/cryptography, which is surprisingly comfortable to use. There’s no native support for pkcs11 (yet) tho