[gnutls-help] Signing an X.509 cert with a PKCS #11 privkey

Rick van Rein rick at openfortress.nl
Thu Dec 17 11:54:41 CET 2015


Hello,

I'm trying to create an X.509 certificate and then sign it using
gnutls_x509_crt_sign2().  That call, however, requires the issuer key to
be a gnutls_x509_privkey_t.  The signing key that I have, however, is a
PKCS #11 key located with a pkcs11: URI.

I can find a path from both X.509 private keys and PKCS #11 private keys
to the abstract form gnutls_privkey_t, but I cannot find the way to sign
the certificate with the PKCS #11 key.  Am I overlooking functions or
paths connecting them?

I am using GnuTLS 3.4.7 and have looked through the online API
documentation and the code.  Interestingly, but not surprisingly, the
only thing that gnutls_x509_crt_sign2() does is convert the private key
to the gnutls_privkey_t that I already have.

Thanks,
 -Rick
