Re: Openssl Engine for Utimaco CryptoServer
Ralf Hornik Mailings wrote: [Success]: SO_PATH:/usr/lib/engines/engine_pkcs11.so [Failure]: MODULE_PATH:/opt/cserver/lib/libcs2_pkcs11.so 7104:error:260AC089:engine routines:INT_CTRL_HELPER:invalid cmd name:eng_ctrl.c:134: 7104:error:260AB089:engine routines:ENGINE_ctrl_cmd_string:invalid What does "INT_CTRL_HELPER:invalid cmd name" mean? As mentioned in documentation the cmd_name has to be set to SO_PATH. So cmd_name set to MODULE_NAME will always fail. Is that a bug? Regards Ralf __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Openssl Engine for Utimaco CryptoServer
Hello List, is there any working engine for Utimaco CryptoServer? Using Utimacos libcs2_pkcs11.so and OpenSCs pkcs11-tool it is possible to import and/or generate keys on the HSM but trying the openSC's engine for openssl I get: modrow:~# openssl engine -t dynamic -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so -pre MODULE_PATH:/opt/cserver/lib/libcs2_pkcs11.so -pre LIST_ADD:1 -pre LOAD (dynamic) Dynamic engine loading support [Success]: SO_PATH:/usr/lib/engines/engine_pkcs11.so [Failure]: MODULE_PATH:/opt/cserver/lib/libcs2_pkcs11.so 7104:error:260AC089:engine routines:INT_CTRL_HELPER:invalid cmd name:eng_ctrl.c:134: 7104:error:260AB089:engine routines:ENGINE_ctrl_cmd_string:invalid cmd name:eng_ctrl.c:316: [Success]: LIST_ADD:1 [Success]: LOAD Loaded: (pkcs11) pkcs11 engine unable to load module (null) [ unavailable ] Has anybody a working openssl-engine for CryptoServer? Thanks and best regards Ralf __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Storing keys and certs on USB tokens using openssl(1)
>> http://www.opensc.org/files/doc/opensc.html#opensc.using.openssl > > btw: what kind of usb token do you have ? Aladdin eToken pro 32k. Opensc now recognices my USB token. When I try to load the engine I get: mtag03:/home/rho/et2k/opensc-0.8.1 # openssl OpenSSL> engine dynamic -pre SO_PATH:/usr/local/opensc/lib/opensc/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD (dynamic) Dynamic engine loading support [Success]: SO_PATH:/usr/local/opensc/lib/opensc/engine_pkcs11.so [Success]: ID:pkcs11 [Success]: LIST_ADD:1 [Failure]: LOAD 9868:error:260B606D:engine routines:DYNAMIC_LOAD:init failed:eng_dyn.c:433: OpenSSL> Same happens on engine_opensc I compiled openssl with ./config shared This problem seems to be discussed former: http://www.mail-archive.com/[EMAIL PROTECTED]/msg17610.html But I think its all dynamicly linked. Any help would be appreciated Ralf __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Storing keys and certs on USB tokens using openssl(1)
> Yes, I know, but I don't find any pointer to this engines. Even, there is > no pkcs11 or opensc word in the complete openssl-source! > > Do I have to include the hw_* files from opensc manually? What engine id > will it be? Has anyone done this in practice? Found the solution myself! :-) http://www.opensc.org/files/doc/opensc.html#opensc.using.openssl __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Storing keys and certs on USB tokens using openssl(1)
> Keys at least: there's an openssl engine for opensc aKeys at least: > there's > an openssl engine for opensc and one for pkcs11 libraries at > www.opensc.org Yes, I know, but I don't find any pointer to this engines. Even, there is no pkcs11 or opensc word in the complete openssl-source! Do I have to include the hw_* files from opensc manually? What engine id will it be? Has anyone done this in practice? Thanks for any help! Ralf __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Storing keys and certs on USB tokens using openssl(1)
Hi openssl users, Is it possible to generate keys on USB tokens using openssl(1) and pkcs11 engine? I cannot find any dokumentation about it. Can anybody point me to the right direction, or knows some links/howtos? Thanks for your help Ralf __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]