OpenSSL C_Verify*
#321
-
|
Is it possible to force OpenSSL to use the C_Verify* methods instead of exporting the public key and run the verify locally? Looking at the logs after running |
Beta Was this translation helpful? Give feedback.
Answered by
simo5
Dec 1, 2023
Replies: 1 comment 1 reply
-
|
Yes, you should be able to do that via a quirk that prohibits exporting even public keys: pkcs11-module-allow-export = 1 |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
Thanks! I tested it with softhsm and it works as expected. |
Beta Was this translation helpful? Give feedback.
Answer selected by
0pq76r
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Yes, you should be able to do that via a quirk that prohibits exporting even public keys:
pkcs11-module-allow-export = 1
see https://github.com/latchset/pkcs11-provider/blob/main/docs/provider-pkcs11.7.md#pkcs11-module-allow-export