[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pkinit/opensc/soft-pkcs11

Matthew Andrews <matt@slackers.net> writes:

> Yes, I believe that the "Not Supported" error is orriginating in
> soft-pkcs11. I was just trying to figure out how you would succesfully
> use soft-pkcs11 with kinit if this was the case. is there a way to get
> openssl to use the engine only for certain operations?

I think the error is from this snippet of code in opensc's openssl engine.
Its doesn't support rsa encryption. soft-pkcs11 does support rsa

static int
pkcs11_rsa_encrypt(int flen, const unsigned char *from, unsigned char *to,
		   RSA * rsa, int padding)
	/* PKCS11 calls go here */
	return -1;

> thanks for the note aout --pkinit-use-dh, I'll try that out for now.

I think I'll make using DH the default when I verify that my code written
that parses the dh group info is correct.


PGP signature