[gnutls-help] Signing an X.509 cert with a PKCS #11 privkey
Rick van Rein
rick at openfortress.nl
Thu Dec 17 11:54:41 CET 2015
I'm trying to create an X.509 certificate and then sign it using
gnutls_x509_crt_sign2(). That call however, requires the issuer key to
be a gnutls_x509_privkey_t. The signing that I have however, is a PKCS
#11 key located with a pkcs11: URI.
I can find a path from both X.509 private keys and PKCS #11 private keys
to the abstract form gnutls_privkey_t, but I cannot find the way to sign
the certificate with the PKCS #11 key. Am I overlooking functions or
paths connecting them?
I am using GnuTLS 3.4.7 and have looked through the online API
documentation and the code. Interestingly, but not surprisingly, the
only thing that gnutls_x509_crt_sign2() does is convert the private key
to the gnutls_privkey_t that I already have.
More information about the Gnutls-help