---
 src/cms_common.c | 12 ++++++++++--
 src/cms_common.h | 1 +
 src/pesign.c | 1 +
 3 files changed, 12 insertions(+), 2 deletions(-)
Index: pesign-0.111/src/cms_common.c
===================================================================
--- pesign-0.111.orig/src/cms_common.c
+++ pesign-0.111/src/cms_common.c
@@ -280,6 +280,7 @@ struct cbdata {
 CERTCertificate *cert;
 PK11SlotListElement *psle;
 secuPWData *pwdata;
+ int privkey_unneeded;
 };
 static SECStatus
@@ -291,6 +292,12 @@ is_valid_cert(CERTCertificate *cert, voi
 void *pwdata = cbdata->pwdata;
 SECKEYPrivateKey *privkey = NULL;
+
+ if (cbdata->privkey_unneeded) {
+ cbdata->cert = cert;
+ return SECSuccess;
+ }
+
 privkey = PK11_FindPrivateKeyFromCert(slot, cert, pwdata);
 if (privkey != NULL) {
 cbdata->cert = cert;
@@ -421,7 +428,7 @@ find_certificate(cms_context *cms, int n
 }
 SECStatus status;
- if (PK11_NeedLogin(psle->slot) && !PK11_IsLoggedIn(psle->slot, pwdata)) {
+ if (!cms->privkey_unneeded && PK11_NeedLogin(psle->slot) && !PK11_IsLoggedIn(psle->slot, pwdata)) {
 status = PK11_Authenticate(psle->slot, PR_TRUE, pwdata);
 if (status != SECSuccess) {
 PK11_DestroySlotListElement(slots, &psle);
@@ -450,6 +457,7 @@ find_certificate(cms_context *cms, int n
 .cert = NULL,
 .psle = psle,
 .pwdata = pwdata,
+ .privkey_unneeded = cms->privkey_unneeded,
 };
 if (needs_private_key) {
@@ -570,7 +578,7 @@ find_named_certificate(cms_context *cms,
 }
 SECStatus status;
- if (PK11_NeedLogin(psle->slot) && !PK11_IsLoggedIn(psle->slot, pwdata)) {
+ if (!cms->privkey_unneeded && PK11_NeedLogin(psle->slot) && !PK11_IsLoggedIn(psle->slot, pwdata)) {
 status = PK11_Authenticate(psle->slot, PR_TRUE, pwdata);
 if (status != SECSuccess) {
 PK11_DestroySlotListElement(slots, &psle);
Index: pesign-0.111/src/cms_common.h
===================================================================
--- pesign-0.111.orig/src/cms_common.h
+++ pesign-0.111/src/cms_common.h
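Review bot: The early return added to is_valid_cert accepts whatever certificate the traversal hands in first once `cbdata->privkey_unneeded` is set, so on this path the callback no longer shows that the token holds the matching key, and nothing in the hunk says this is intentional. A comment above the new branch would stop a later reader from treating the function as a possession check in every mode, for example `/* import-only: the caller will not sign, so accept the cert without looking up its private key */`. The function name now promises more than this branch delivers, so any header comment on it should mention the flag as well. The body of is_valid_cert starts and ends outside the hunk.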
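Review bot: The login guard in find_certificate is switched off by the context-wide `cms->privkey_unneeded`, although the function already receives a `needs_private_key` argument (used a few lines further down, `if (needs_private_key) {`), and the only caller in this patch passes 0 for it while also setting the flag. Two independent signals for the same decision can drift apart: a context on which the flag stays set would skip `PK11_Authenticate` on a later lookup that does need the key, and the failure would then surface only at signing time. If the other callers that pass 0 can tolerate it, gating on the argument keeps the decision local: `if (needs_private_key && PK11_NeedLogin(psle->slot) && !PK11_IsLoggedIn(psle->slot, pwdata)) {`. The same condition is added in the find_named_certificate hunk at -570/+578, whose parameter list is cut off in the hunk header, so there the flag may be the only available signal and should at least carry a comment. Both function bodies extend beyond their hunks.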
@@ -63,6 +63,7 @@ typedef int (*cms_common_logger)(struct
 typedef struct cms_context {
 PRArenaPool *arena;
 void *privkey;
+ int privkey_unneeded;
 char *tokenname;
 char *certname;
Index: pesign-0.111/src/pesign.c
===================================================================
--- pesign-0.111.orig/src/pesign.c
+++ pesign-0.111/src/pesign.c
@@ -651,6 +651,7 @@ main(int argc, char *argv[])
 */
 case IMPORT_RAW_SIGNATURE|IMPORT_SATTRS:
 check_inputs(ctxp);
+ ctxp->cms_ctx->privkey_unneeded = 1;
 rc = find_certificate(ctxp->cms_ctx, 0);
 if (rc < 0) {
 fprintf(stderr, "pesign: Could not find "
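Review bot: The new `privkey_unneeded` member of cms_context is undocumented and nothing in this patch initialises it, yet find_certificate and find_named_certificate read it on every lookup, so a context that is not zero-filled on creation would skip token login unpredictably. It is worth confirming that the context's init routine (not shown here) clears the struct, or adding an explicit `privkey_unneeded = 0` there. A comment on the field would also help, e.g. `int privkey_unneeded; /* non-zero: lookups skip token login and the private-key check */`. The struct definition continues past the hunk.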