[prev in list] [next in list] [prev in thread] [next in thread]
List: strongswan-announce
Subject: [strongSwan-dev] charon openssl RSA engine and private key on
From: Dimitrios Siganos <dimitris () siganos ! org>
Date: 2010-04-29 12:54:32
Message-ID: 4BD98188.2050605 () siganos ! org
[Download RAW message or body]
Hi,
I am using charon and I need to access a private key sitting on a
smartcard through an openssl RSA engine. I have setup engine_pkcs11 and
opensc and got access to such a secret stored on a smartcard and it
worked nicely.
However, I have another smartcard chip that doesn't allow me to do raw
RSA sign of a digest. It only allows me to a SHA1/RSA PKCS1.5
combination. i.e. it expects me to pass it the whole message, not just
the digest, and it will do both the digest and the signing. But using
the RSA engine, I seem to only get the digest given to me, which can't
work with the smartcard I have.
Changing tha smardcard chip is not a solution because this is an
embedded system with the chip built in.
I think the solution is to create an openssl digest engine for
sha1withrsaencryption. I imagine if I did that, then strongswan would
pass me to the whole message and I can pass that to my smartcard to do
the whole sha1withrsaencryption operation.
Does the digest engine approach make sense?
Regards,
Dimitrios Siganos
_______________________________________________
Dev mailing list
Dev@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic