|
Hi, unfortunately that is not that simple :( These methods are not being exposed by the dotnet. Porting them would take to much time because of the method struct. Recompiling the whole dotnet sdk is also not an option.
You know, i've been reading your mail and keep thinking and for now i see that the fastest way is
to simply modify libp11 proxy engine in EVP_load_private_key method. First i can verify there the EVP_test_flag on the key and second modify the engine flags. This way i will be 100% sure that the problem is on dotnet side. Because
when i was testing this key on the token i was generating 1024 bit length key and written it's length to the console. Than i have erased it completly and generated a new key pair with modified key length to 2048. The output result was changed:
1024 -> 2048. So the conclusion was that the key i taken correclty.
I will check this on monday and keep you inform. Have a nice weekend.
BR
Piotr
Od: Selva Nair <selva.nair@xxxxxxxxx>
Wysłane: sobota, 29 maja 2021 03:34 Do: Piotr Lobacz <piotr.lobacz@xxxxxxxxxxxx> Temat: Re: CSR creation using pkcs11 dynamic engine Hi,
You could probably work around it by getting the method from the key using meth = RSA_get_method(rsa) and then setting the flag on the method using
RSA_meth_set_flags(meth, flags). May not be a nice thing to do to a method owned by the engine, but should work if those API are exposed via
dotnet.
If this is indeed the problem, you could try lobbying two places:
dotnet devs to add a check for flags in the key, and libp11/pkcs11 engine devs to also set the flags on the method. One of them may oblige, depending on their thoughts on what is "right".
Selva
Softgent Sp. z o.o., Budowlanych 31d, 80-298 Gdansk, POLAND KRS: 0000674406, NIP: 9581679801, REGON: 367090912 www.softgent.com Sąd Rejonowy Gdańsk-Północ w Gdańsku, VII Wydział Gospodarczy Krajowego Rejestru Sądowego KRS 0000674406, Kapitał zakładowy: 25 000,00 zł wpłacony w całości. |
