René Fischer

Thanks @briankendall for the writeup! We should either add a helper script or update the instructions in the handbook. Any opinions?

Thanks for raising this issue. Do I understand correctly that you have encapsulated PKCS#11 access to your HSMs in your own library, but want to sign certificates using Botan's X.509...

What I see is that your `PKCS11_RSA_Signature_Operation` is basically a copy of Botan's `PKCS11_RSA_Signature_Operation`, except that instead of invoking PKCS#11's `C_Sign*()` on the module (`m_key.module()->C_Sign*()`), you invoke custom functions `m_key.pSession->sign*()`...

Are you building on Windows with Visual Studio/MSVC? I am asking because deriving from `Botan::Private_Key` with upstream `master´ works just fine on Linux, whereas Windows complains about `undefined type Botan::PK_Ops::Signature`....

My point is that it should work without making `PK_Ops::Signature` (and other types) in `pk_ops.h` public, because these are forward-declared in [pk_ops_fwd.h](https://github.com/randombit/botan/blob/master/src/lib/pubkey/pk_ops_fwd.h), so there is no need to `include `....

This is actually a regression, which we'll handle via #3878. Thanks for pointing this out!

Nice addition, thanks! Shouldn't this be added to the docs, too?

Implementation and docs are done, so this issue can be closed, right?

Can we close this issue? Seems to be resolved.