[strongSwan-dev] charon openssl RSA engine and private key on smartcard
Dimitrios Siganos
dimitris at siganos.org
Thu Apr 29 14:54:32 CEST 2010
Hi,
I am using charon and I need to access a private key sitting on a
smartcard through an openssl RSA engine. I have set up engine_pkcs11 and
opensc and got access to such a secret stored on a smartcard and it
worked nicely.
However, I have another smartcard chip that doesn't allow me to do a raw
RSA sign of a digest. It only allows me to do a SHA1/RSA PKCS1.5
combination, i.e. it expects me to pass it the whole message, not just
the digest, and it will do both the digest and the signing. But using
the RSA engine, I seem to only get the digest given to me, which can't
work with the smartcard I have.
Changing the smartcard chip is not a solution because this is an
embedded system with the chip built in.
I think the solution is to create an openssl digest engine for
sha1withrsaencryption. I imagine if I did that, then strongswan would
pass me the whole message and I can pass that to my smartcard to do
the whole sha1withrsaencryption operation.
Does the digest engine approach make sense?
Regards,
Dimitrios Siganos
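
The mismatch described in this message, as an added example that is not part of the original post and is not strongSwan, OpenSSL or OpenSC code: a digest-only signing call and a chip that always hashes its input yield the same PKCS#1 v1.5 signature only when the chip receives the whole message. The key is a constructed toy key and all function names are hypothetical.

```python
import hashlib

# Constructed toy key for illustration only (two Mersenne primes, NOT secure).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# DER prefix of DigestInfo for SHA-1 (PKCS#1 v1.5, RFC 8017 section 9.2).
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")


def sha1(data):
    return hashlib.sha1(data).digest()


def emsa_pkcs1_v15(digest):
    """00 01 FF..FF 00 || DigestInfo(SHA-1, digest), padded to K bytes."""
    t = SHA1_DIGESTINFO_PREFIX + digest
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def raw_sign(digest):
    """Digest-only interface: the caller has already hashed the message."""
    em = int.from_bytes(emsa_pkcs1_v15(digest), "big")
    return pow(em, D, N).to_bytes(K, "big")


def token_hash_and_sign(data):
    """Model of the restricted chip: it always hashes its input, then signs."""
    return raw_sign(sha1(data))


def verify(message, sig):
    """Peer-side check of a SHA-1 with RSA signature over the message."""
    em = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    return em == emsa_pkcs1_v15(sha1(message))


if __name__ == "__main__":
    msg = b"constructed sample octets to be signed"
    print("digest-only sign verifies:", verify(msg, raw_sign(sha1(msg))))
    print("chip given whole message: ", verify(msg, token_hash_and_sign(msg)))
    # Handing the chip only the digest makes it hash twice; the peer rejects it.
    print("chip given only digest:   ", verify(msg, token_hash_and_sign(sha1(msg))))
```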