[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: pkinit/opensc/soft-pkcs11
Matthew Andrews <matt@slackers.net> writes:
> Yes, I believe that the "Not Supported" error is orriginating in
> soft-pkcs11. I was just trying to figure out how you would succesfully
> use soft-pkcs11 with kinit if this was the case. is there a way to get
> openssl to use the engine only for certain operations?
I think the error is from this snippet of code in opensc's openssl engine.
Its doesn't support rsa encryption. soft-pkcs11 does support rsa
encryption.
static int
pkcs11_rsa_encrypt(int flen, const unsigned char *from, unsigned char *to,
RSA * rsa, int padding)
{
/* PKCS11 calls go here */
PKCS11err(PKCS11_F_PKCS11_RSA_ENCRYPT, PKCS11_NOT_SUPPORTED);
return -1;
}
> thanks for the note aout --pkinit-use-dh, I'll try that out for now.
I think I'll make using DH the default when I verify that my code written
that parses the dh group info is correct.
Love
PGP signature