Okay, i identified the code which is at fault, and it is indeed Fedora's kernel fault. And it explains why PKCS1's sign callback returns -ENOSYS. https://src.fedoraproject.org/rpms/kernel/blob/f42/f/patch-6.15-redhat.patch#_510 But why was this change made ? All signing callbacks seem to be overrided with sig_prepare_alg() for some reason. We would like to use PKCS1 signing algorithm provided by kernel. Regards Alex
