Thank you. But I still have the problem.

2011/12/1 Douglas E. Engert <[email protected]>:
>
>
> On 12/1/2011 8:04 AM, Jean-Pierre Fortune wrote:
>> Hello,
>>
>> I am currently trying to sign a file with an iasecc compliant
>> smartcard and openssl but I can't find out how to specify the private
>> key to use.
>>
>> The private key I want to select "belongs" to the ECC Generic ID application.
>>
>> When signing with pkcs15-crypt tool, I execute the following command
>> and it works well:
>>
>> pkcs15-crypt --aid E828BD080FD25047656E65726963 -k $my_key_id --sign
>> --pkcs1 --sha-1 --input data-1.sha1 --pin $my_pin --output
>> data-1.auth.sig
>>
>> When using openssl, I use the following command:
>>
>> openssl
>> OpenSSL>  engine -t dynamic -pre
>> SO_PATH:/usr/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre
>> LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib/opensc-pkcs11.so
>> (dynamic) Dynamic engine loading support
>> [Success]: SO_PATH:/usr/lib/engines/engine_pkcs11.so
>> [Success]: ID:pkcs11
>> [Success]: LIST_ADD:1
>> [Success]: LOAD
>> [Success]: MODULE_PATH:/usr/lib/opensc-pkcs11.so
>> Loaded: (pkcs11) pkcs11 engine
>>       [ available ]
>> OpenSSL>  smime -nodetach -binary -outform PEM -sign -signer $my_cert
>> pem -inkey $my_key_id -keyform engine -in data-1.txt -out test.p7m
>> -engine pkcs11
>> engine "pkcs11" set.
>> Invalid slot number: 0
>> PKCS11_get_private_key returned NULL
>> cannot load signing key file from engine
>> 3611:error:26096080:engine routines:ENGINE_load_private_key:failed
>> loading private key:eng_pkey.c:126:
>> unable to load signing key file
>> error in smime
>> OpenSSL>
>>
>> The problem is that I couldn't find how to specify $my_key_id in the
>> latter case.
>
> See:
>
> http://www.opensc-project.org/engine_pkcs11/wiki/QuickStart
>
> The slot_X-id_Y or id_Y are used as parameters to PKCS#11.
> You can find out what they are on your card using
>
>  pkcs11-tool --module /usr/lib/opensc-pkcs11.so -L -O

When I do this, I get a list related to the application, "ECC eID".
The card contains another application "

I use pkcs15-tool for examining the card, there are no key and no
certificates in "ECC eID" but 2 certs and 2 keys in "ECC Generic PKI":

pkcs15-tool --list-applications
Using reader with a card: Teo by Xiring 00 00
Application 'ECC eID':
        AID: E828BD080FD2504543432D654944

Application 'ECC Generic PKI':
        AID: E828BD080FD25047656E65726963

pkcs15-tool --list-certificates
Using reader with a card: Teo by Xiring 00 00

pkcs15-tool --list-certificates --aid E828BD080FD25047656E65726963
Using reader with a card: Teo by Xiring 00 00
X.509 Certificate [Signature Certificate]
        Object Flags   : [0x2], modifiable
        Authority      : no
        Path           : e828bd080fd25047656e65726963::b001
        ID             : 5369676E6174757265204365727469666963617465
        GUID           : {5369676E61747-5726-5204-365727469666}
        Access Rules   : read:<always>; update:c1; delete:c1;
        Encoded serial : 02 02 113E

X.509 Certificate [Authentification Certificate]
        Object Flags   : [0x2], modifiable
        Authority      : no
        Path           : e828bd080fd25047656e65726963::b002
        ID             : 41757468656E74696669636174696F6E204365727469666963617465
        GUID           : {41757468-656E-7469-6669-636174696F6E}
        Access Rules   : read:<always>; update:c1; delete:c1;
        Encoded serial : 02 02 113F

What I am looking for is how to specify an equivalent to  "--aid
E828BD080FD25047656E65726963" when using the card from openssl and
engine_pkcs11.

Best regards,
-- 
Jean-Pierre
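
Added example, not part of the original thread and not OpenSC or engine_pkcs11 code: a small parser that pulls object IDs out of a pkcs15-tool listing like the one above (including an ID value wrapped onto the next line) and formats them as the id_Y / slot_X-id_Y strings mentioned in the quoted reply. It assumes the private key carries the same ID as its certificate, which the thread does not show, and the slot number passed in is hypothetical; it does not select an application by AID. The function names are illustrative.

```python
import re

# Abridged from the pkcs15-tool listing in the post; the second ID is left
# wrapped onto its own line, as it arrived in the mail.
SAMPLE = """\
X.509 Certificate [Signature Certificate]
        Path           : e828bd080fd25047656e65726963::b001
        ID             : 5369676E6174757265204365727469666963617465

X.509 Certificate [Authentification Certificate]
        Path           : e828bd080fd25047656e65726963::b002
        ID             :
41757468656E74696669636174696F6E204365727469666963617465
"""

HEADER = re.compile(r"^\S.*\[(.*)\]\s*$")        # unindented "Type [label]" line
ID_LINE = re.compile(r"^\s*ID\s*:\s*(\S*)\s*$")  # "ID : <hex>" (GUID does not match)
HEX = re.compile(r"^(?:[0-9A-Fa-f]{2})+$")       # whole bytes only


def parse_objects(text):
    """Return [(label, id_hex)] for each object in a pkcs15-tool listing."""
    found, label, pending = [], None, False
    for line in text.splitlines():
        if pending:                       # previous line was an empty "ID :"
            pending = False
            if HEX.match(line.strip()):
                found.append((label, line.strip().upper()))
                continue
        header, id_line = HEADER.match(line), ID_LINE.match(line)
        if header:
            label = header.group(1)
        elif id_line:
            value = id_line.group(1)
            if not value:
                pending = True            # value wrapped onto the next line
            elif HEX.match(value):
                found.append((label, value.upper()))
    return found


def engine_key_id(id_hex, slot=None):
    """Format an object ID as the id_Y / slot_X-id_Y string for -inkey."""
    if not HEX.match(id_hex):
        raise ValueError("object ID must be an even-length hex string")
    prefix = "" if slot is None else "slot_%d-" % slot  # slot is hypothetical
    return prefix + "id_" + id_hex


if __name__ == "__main__":
    for label, id_hex in parse_objects(SAMPLE):
        print(label, "->", engine_key_id(id_hex))
```

Decoding either ID with `bytes.fromhex(...)` shows that on this card the IDs are simply the ASCII bytes of the object labels.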