From 073f4ed111b0b10dcbd81fc112f9d66e41f40fac Mon Sep 17 00:00:00 2001
From: Karen Arutyunov
Date: Wed, 17 Nov 2021 17:43:22 +0300
Subject: Use pkeyutl command instead of rsautl starting openssl version 3.0.0
---
 bpkg/auth.hxx | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)
(limited to 'bpkg/auth.hxx')
diff --git a/bpkg/auth.hxx b/bpkg/auth.hxx
index 4cd2e56..54e6884 100644
--- a/bpkg/auth.hxx
+++ b/bpkg/auth.hxx
@@ -79,15 +79,11 @@ namespace bpkg
 // openssl x509 -noout -modulus -in cert.pem
 // openssl rsa -noout -modulus -in key.pem
 //
- // But taking into account that we need to be able to use custom engines to
- // access keys, it seems to be impossible to provide the same additional
- // openssl options to fit both the rsa and pkeyutl commands. The first would
- // require "-engine pkcs11 -inform engine", while the second -- "-engine
- // pkcs11 -keyform engine". Also it would require to enter the key password
- // again, which is a showstopper. Maybe the easiest would be to recover the
- // sum back from the signature using the certificate, and compare it with
- // the original sum (like we do in authenticate_repository()). But that
- // would require to temporarily save the certificate to file.
+ // However, it would require to enter the key password again, which is a
+ // showstopper. Maybe the easiest would be to recover the sum back from the
+ // signature using the certificate, and compare it with the original sum
+ // (like we do in authenticate_repository()). But that would require to
+ // temporarily save the certificate to file.
 //
 std::vector sign_repository (const common_options&,
-- 
cgit v1.1
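Review bot: The rewritten comment above sign_repository() still leaves the key/certificate match check as an open musing ("Maybe the easiest would be ..."), so a reader cannot tell whether a mismatched key and certificate is caught at signing time or only surfaces later when the repository is authenticated. Judging by the visible lines the check is presumably not performed, and the comment should say so outright, for example with a closing line such as `// TODO: until then a key/certificate mismatch is not detected when signing.` The first added line would also read better as `// However, that would require entering the key password again, which is a`. The comment block begins above the hunk, so the sentence these lines continue is not visible here.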