Pkcs11Interop / Pkcs11Interop.X509Store

Easy to use PKCS#11 based X.509 certificate store
Apache License 2.0

Signing CSR using SoftHSM #28

Closed anshulv1401 closed 2 years ago

anshulv1401 commented 2 years ago

Creating dotnet signed certificate System.Security.Cryptography.X509Certificates.X509Certificate2 using dotnet System.Security.Cryptography.X509Certificates.CertificateRequest

Created an X509SignatureGenerator using the RSA private key retrieved from the Pkcs11X509Certificate, which is then passed to CertificateRequest to get the X509Certificate2.
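The workflow described in this PR, as an added example that is not code from the PR or from Pkcs11Interop.X509Store: a leaf certificate for a device is issued with a CA key that stays on the PKCS#11 token. The SoftHSM library path, the PIN, the certificate label "CA" and the StaticPinProvider/FindCaCert helpers are assumptions; X509SignatureGenerator.CreateForRSA and CertificateRequest.Create are the standard .NET APIs.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using Net.Pkcs11Interop.X509Store;

// Assumed helper: supplies the token PIN through the library's IPinProvider interface.
// The PIN and the library path below are placeholders for a SoftHSM test setup.
class StaticPinProvider : IPinProvider
{
    public GetPinResult GetTokenPin(Pkcs11X509StoreInfo storeInfo, Pkcs11SlotInfo slotInfo, Pkcs11TokenInfo tokenInfo)
        => new GetPinResult(false, Encoding.UTF8.GetBytes("1234"));
    public GetPinResult GetKeyPin(Pkcs11X509StoreInfo storeInfo, Pkcs11SlotInfo slotInfo, Pkcs11TokenInfo tokenInfo, Pkcs11X509CertificateInfo certificateInfo)
        => new GetPinResult(false, Encoding.UTF8.GetBytes("1234"));
}
static class Pkcs11CaIssuer
{
    // Assumed helper: picks the CA certificate whose private key object is on the token.
    static Pkcs11X509Certificate FindCaCert(Pkcs11X509Store store, string label)
    {
        foreach (var slot in store.Slots)
            if (slot.Token != null)
                foreach (var cert in slot.Token.Certificates)
                    if (cert.HasPrivateKeyObject && cert.Info.Label == label)
                        return cert;
        throw new InvalidOperationException("No CA certificate with a private key labelled " + label);
    }
    static void Main()
    {
        using (var store = new Pkcs11X509Store("/usr/lib/softhsm/libsofthsm2.so", new StaticPinProvider()))
        using (RSA deviceKey = RSA.Create(2048))   // stands in for the public key in the device's CSR
        {
            Pkcs11X509Certificate caCert = FindCaCert(store, "CA");
            // The CA key never leaves the token: this RSA object forwards signing to PKCS#11.
            // CertificateRequest.Create drives it through X509SignatureGenerator, which calls
            // RSA.SignData and therefore needs HashData, the method this thread says was missing.
            RSA caKey = caCert.GetRSAPrivateKey();
            var generator = X509SignatureGenerator.CreateForRSA(caKey, RSASignaturePadding.Pkcs1);
            var req = new CertificateRequest("CN=device-0001", deviceKey, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            req.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, true)); // end entity, not a CA
            req.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, true));
            byte[] serial = new byte[16];
            RandomNumberGenerator.Fill(serial);
            serial[0] &= 0x7F;   // keep the serial number positive
            X509Certificate2 leaf = req.Create(caCert.Info.ParsedCertificate.SubjectName, generator,
                DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddYears(1), serial);
            Console.WriteLine($"{leaf.Subject} issued by {leaf.Issuer}");
        }
    }
}
```

The issued certificate's signature verifies against the CA certificate like any other, while the CA private key is never exported from the token.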

jariq commented 2 years ago

Hello @anshulv1401, thanks for the PR.

Please help me to understand the motivation for these changes. This is how I understand the code:

You wanted to use CA cert/key stored on PKCS#11 device to issue/generate X.509 certificate via System.Security.Cryptography.X509Certificates.CertificateRequest::Create method but the implementation of Net.Pkcs11Interop.X509Store.Pkcs11RsaProvider::HashData was missing.

Is my understanding correct?

anshulv1401 commented 2 years ago

Hi @jariq, thanks for responding. Your understanding is correct, I was exploring a way to issue/generate X.509 certificate via cert/key stored in soft-HSM (PKCS#11), and encountered the "HashData method not implemented" exception. We are using this in an under-development project to issue certificates to biometric devices, which sign the encrypted bio value using the issued certificate. The signature chain is validated at a central server.

jariq commented 2 years ago

Functionally equivalent code has just been merged in #31 to both Pkcs11RsaProvider and Pkcs11ECDsaProvider so I'm closing this PR without merge.