[botan-devel] Signing using a certificate stored on a token

Daniel Neus daniel at neus-online.eu
Sun Mar 19 08:24:16 EDT 2017


Hi Max,

if you just want to sign you need the private key, not the certificate.
You should have a look in the `test_pkcs11_high_level.cpp` file and look
for the `test_rsa_sign_verify()` which describes RSA signing and
verification or for `test_ecdsa_sign_verify` which describes ECDSA
sign/verify.

Here is another example for RSA signing (untested):

Module module( "/path/to/the/pkcs11/module" );
auto slots = Slot::get_available_slots( module, true );
Slot slot( module, slots.front() );
Session session( slot, true );
const Botan::PKCS11::secure_string pin = { '1', '2', '3', '4', '5', '6' };

session.login( UserType::User, pin );

const std::string label = "MY_PRIV_KEY";
// select key with label 'MY_PRIV_KEY'
auto keys = Object::search<PKCS11_RSA_PrivateKey>( session, label );

Botan::PK_Signer signer( keys.front(), Test::rng(), "EMSA4(SHA-256)",
Botan::IEEE_1363, "pkcs11" );
auto signature = signer.sign_message( std::vector<uint8_t>( 256 ),
Test::rng() );


Daniel

Am 18.03.2017 um 15:26 schrieb mdevivo74 at gmail.com:
> Hi,
> 
>  
> 
> My name’s Max. I’m starting to use Botan in a project. Currently, I need
> to sign a buffer using a certificate stored in a token. I’m trying to
> use PKCS11 high level api, but I cannot find any example to access
> certificates already stored in a token and to use them for signing.
> 
>  
> 
> Could someone help me, please?
> 
>  
> 
> Thanks a lot,
> 
>  
> 
> Max
> 
>  
> 
> 
> 
> _______________________________________________
> botan-devel mailing list
> botan-devel at randombit.net
> http://lists.randombit.net/mailman/listinfo/botan-devel
> 


More information about the botan-devel mailing list