Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set RSA_FLAG_EXT_PKEY flag #308

Merged
merged 1 commit into from Oct 4, 2019
Merged

Set RSA_FLAG_EXT_PKEY flag #308

merged 1 commit into from Oct 4, 2019

Conversation

stanislavlevin
Copy link
Contributor

From docs about RSA_FLAG_EXT_PKEY:

This flag means the private key operations will be handled by
rsa_mod_exp and that they do not depend on the private key
components being present:
for example a key stored in external hardware. Without this flag
bn_mod_exp gets called when private key components are absent.

For example, setting this flag allows BIND to identify RSA key (stored on a HSM)
as a private key. Otherwise, BIND fails to sign and to verify signs.

Fixes: #304

@stanislavlevin
Set RSA_FLAG_EXT_PKEY flag
0cc686f 
From docs:
"""
This flag means the private key operations will be handled by
rsa_mod_exp and that they do not depend on the private key
components being present:
for example a key stored in external hardware. Without this flag
bn_mod_exp gets called when private key components are absent.
"""

Setting this flag allows BIND to identify RSA key (stored on a HSM)
as a private key. Otherwise, BIND fails to sign and to verify signs.

Fixes: OpenSC#304
Signed-off-by: Stanislav Levin <slev@altlinux.org>
@mtrojnar mtrojnar merged commit b487da5 into OpenSC:master Oct 4, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Missing RSA_FLAG_EXT_PKEY
2 participants
@stanislavlevin @mtrojnar