diff options
author | Rob Austein <sra@hactrn.net> | 2017-06-07 15:36:51 -0400 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2017-06-07 15:36:51 -0400 |
commit | b208b2cab51c0fce3d98e8e462b14d07fa3fcc66 (patch) | |
tree | efcd482cb795a5c0accbb9b9849b7d9f5f35dc11 /README.md | |
parent | ae322afdec65e7d8c180fa761c0bbb3c682ef5c0 (diff) |
Add ECDSA support, via updated OpenSC pkcs11 engine.
This works on Debian Jessie (8.8) with the jessie-backports version of
libengine-pkcs11-openssl:
cryptech-alpha 3.0.1496536286
libengine-pkcs11-openssl 0.4.3-1~bpo8+1
opensc 0.14.0-2
openssl 1.0.1t-1+deb8u6
Version dependencies between OpenSSL and OpenSC are an even worse
swamp than usual at the moment, due to API changes in OpenSSL 1.1, so
it's anybody's guess whether this works on any other platform. YMMV.
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 7 |
1 files changed, 6 insertions, 1 deletions
@@ -2,7 +2,12 @@ Packages you need (on Debian Jessie, anyway): - sudo apt-get install libengine-pkcs11-openssl opensc opensc-pkcs11 cryptech-alpha + sudo apt-get install opensc cryptech-alpha + sudo apt-get install -t jessie-backports libengine-pkcs11-openssl + +We're using the backported version of libengine-pkcs11-openssl because +we want ECDSA support -- the ancient version that originally shipped +with Jessie only supported RSA. General plan here is to use pkcs11-tool to create keys, then use the pkcs11 OpenSSL engine and OpenSSL command line tool to do vaguely |