Hello Arno,
I have correct BEGIN/END CERTIFICATE but none of PEM have a RSA
PRIVATE KEY section.
With OpenSSL I use PKCS11 but has I had to manually extract auth
certificate I supposed PKCS11 access would not be really needed
anymore, but may be it is still needed because
Dod wrote:
> Hello Arno,
>
> I have correct BEGIN/END CERTIFICATE but none of PEM have a RSA
> PRIVATE KEY section.
The private key must not neccessarily be an RSA key, do you see any other
PRIVATE KEY section?
>
> With OpenSSL I use PKCS11 but has I had to manually extract auth
>
Hello Arno,
Only one BEGIN/END section in each PEM that is only CERTIFICATE.
AG> The private key must not neccessarily be an RSA key, do you see any other
AG> PRIVATE KEY section?
AG> That's possible. AFAIK, OpenSSL supports PKCS11 only thru a dynamic
AG> Engine, to list current active engines
Dod wrote:
> Hello Arno,
>
> Only one BEGIN/END section in each PEM that is only CERTIFICATE.
>
>> The private key must not neccessarily be an RSA key, do you see any
>> other PRIVATE KEY section?
>
>> That's possible. AFAIK, OpenSSL supports PKCS11 only thru a dynamic
>> Engine, to list current
Hello Arno,
I thought ICS was based on OpenSSL as it use the libeay32.dll and
ssleay32.dll like OpenSSL.exe do.
Currently I am able to do a connection using OpenSSL.exe (using pkcs11
engine) or sTunnel.exe that is configured with nearly same parameters
syntax as OpenSSL as it also rely on l
Dod wrote:
> Hello Arno,
>
> I thought ICS was based on OpenSSL as it use the libeay32.dll and
> ssleay32.dll like OpenSSL.exe do.
OpenSSL is a huge crypto library, ICS uses just parts of it. Engines
have been introduced after ICS-SSL started and nobody obviously implemented
it later on. I a
Arno Garrels wrote:
>> I know that private key cannot be extracted from the SmartCard type
>> I use
>
> That's hard to believe, if OpenSSL can read the key, and it must read
> it, then it should be possible to write it to a PEM file as well,
> IMHO.
Maybe the smartcart is smarter than I can ima
