Self signed certificate about pkcs11interop HOT 2 CLOSED

Let me first clearly answer your question: BouncyCastle is all you need.

BouncyCastle works out-of-the-box only with the cryptographic keys that can be exposed into the host memory. However one must not forget that BouncyCastle is general purpose cryptographic library and if you are willing to do a little extra work on lower level APIs you can use it also with the keys that cannot be exposed in the host memory. In your case you would need to use BouncyCastle (low level APIs) to create X.509 structure and then use PKCS#11 library for a low level signature. This approach requires you to do more coding and to have much deeper understanding of X.509, ASN.1 and related technologies but it certainly can be done.

BTW I am little confused of your PKCS#11 related posts here [1] and on stackowerflow [1] [2] [3] and I am failing to understand what is your goal with this technology. Maybe you could share more high level details of your project so I can better understand your needs? Feel free to drop me an e-mail to [email protected] if you don't want to discuss it publicly.

from pkcs11interop.

Lets say the fact that I'm trying to deploy an opensource office signature based on your library. :) something like officeblackbox(https://www.eldos.com/sbb/desc-office.php) but opensourced.
I've fully understood the ooxml signature standard method myself And so far based on the current questions and answers and deep investigations in office xml standards docs, I was able to produce a valid signature by using a PKCS#12 file(importing the key from existing certificate) but still I couldn't generate a certificate from token(which is the last requirement).
Now lets continue the discussion in the emails.
Oh and btw thanks for your contribution btw

from pkcs11interop.