Re: CMS signing with engine

2011-07-08 Thread Dr. Stephen Henson
On Fri, Jul 08, 2011, James Berry wrote:

> Steve, I'm sorry but I don't understand. Can you be a bit more explicit?
> 

Something like this:

openssl cms -sign -engine engine_name -keyform engine \
-signer cert.pem -inkey some_key_id ...other options...

Where "cert.pem" is a file you saved the signing certificate to.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing List   openssl-users@openssl.org
Automated List Manager   majord...@openssl.org
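
Added example, not part of the original posts: a small shell wrapper around the command line from the reply above. It refuses a -signer value that is not a certificate file (the mistake in the original command) before handing the key id to the engine through -inkey. The function name cms_engine_sign, the CMS_DRY_RUN switch, the PEM check and the verification step are assumptions made for this example.

```shell
#!/bin/sh
# Added example; not code from the thread or from the OpenSSL project.
# cms_engine_sign ENGINE CERT_FILE KEY_ID IN_FILE OUT_FILE
#   ENGINE    engine id, e.g. pkcs11
#   CERT_FILE signing certificate saved to a file (assumed PEM, like cert.pem)
#   KEY_ID    key identifier passed to the engine, never opened as a file
cms_engine_sign() {
    engine=$1 cert=$2 keyid=$3 in=$4 out=$5

    # The failing command gave the key id to -signer, so openssl tried to
    # open it as a file. Catch that before the token is touched.
    if [ ! -f "$cert" ]; then
        echo "signer '$cert' is not a file; pass the key id with -inkey" >&2
        return 2
    fi
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$cert"; then
        echo "signer '$cert' does not contain a PEM certificate" >&2
        return 3
    fi

    # Rebuild the positional parameters so every argument stays one word.
    set -- cms -sign -engine "$engine" -keyform engine \
        -signer "$cert" -inkey "$keyid" \
        -in "$in" -out "$out" -outform DER

    # CMS_DRY_RUN=1 (assumed switch) prints the command instead of running it.
    if [ "${CMS_DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "openssl $*"
        return 0
    fi

    openssl "$@" || return

    # Without -nodetach the DER output is a detached signature, so the
    # original content is supplied again for the check. -noverify skips
    # certificate chain validation; the signature itself is still checked.
    openssl cms -verify -inform DER -in "$out" -content "$in" \
        -noverify -out /dev/null
}
```

With the values from the thread: cms_engine_sign pkcs11 cert.pem 8320eb4fa0f91a25b9febcbe47845ba168055622 sign.txt signout.txt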


RE: CMS signing with engine

2011-07-08 Thread James Berry
Steve, I'm sorry but I don't understand. Can you be a bit more explicit?

Best wishes
James


-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Dr. Stephen Henson
Sent: 06 July 2011 20:26
To: openssl-users@openssl.org
Subject: Re: CMS signing with engine

On Wed, Jul 06, 2011, James Berry wrote:

> I am trying to sign a file using the opensc pkcs11 engine.  I will be doing 
> this in code ultimately, but I thought I would make it work from the command 
> line first.
>
> I have the pkcs11 engine working ok and can make a certificate request, for 
> example, using the key on the smartcard.
>
> This works fine and produces a signed file in the format that I want
> > cms -sign -in sign.txt -out signout.txt -signer signer.pem -outform
> > DER
>
>
> This does not work, as it tries to open the key id on the card as a
> file; I assume that I need a different parameter to indicate the key
> id to use, but I can't find the right magic
> > cms -engine pkcs11 -sign -in sign.txt -signer
> > 8320eb4fa0f91a25b9febcbe47845ba168055622 -keyform engine -out
> > signout.txt -outform DER
>

The signing certificate needs to be specified as a file; the value you pass as 
the key will be used to access the engine. So try -signer and -inkey options.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org 

Advanced Health and Care Limited part of Advanced Computer Software Group. 
Registered in England at Munro House, Portsmouth Road, Cobham, Surrey, KT11 
1TF. Registration number 02939302
This message (and any associated files) is intended only for the use of the 
stated recipient and may contain information that is confidential, subject to 
copyright or constitutes a trade secret. If you are not the intended recipient 
you are hereby notified that any dissemination, copying or distribution of this 
message, or files associated with this message, is strictly prohibited. If you 
have received this message in error or are not the intended recipient please 
notify us immediately by replying to the message or calling 01233 722700 and 
deleting it from your computer. Any views or opinions presented are solely 
those of the author and do not necessarily represent those of the company.
We advise that in keeping with good computing practice the recipient of this 
email should ensure that it is virus free. We do not accept responsibility for 
any virus that may be transferred by way of this email.
Email may be susceptible to data corruption, interception and unauthorised 
amendment, and we do not accept liability for any such corruption, interception 
or amendment or any consequences thereof.


Re: CMS signing with engine

2011-07-06 Thread Dr. Stephen Henson
On Wed, Jul 06, 2011, James Berry wrote:

> I am trying to sign a file using the opensc pkcs11 engine.  I will be doing 
> this in code ultimately, but I thought I would make it work from the command 
> line first.
> 
> I have the pkcs11 engine working ok and can make a certificate request, for 
> example, using the key on the smartcard.
> 
> This works fine and produces a signed file in the format that I want
> > cms -sign -in sign.txt -out signout.txt -signer signer.pem -outform DER
> 
> 
> This does not work, as it tries to open the key id on the card as a file; I 
> assume that I need a different parameter to indicate the key id to use, but I 
> can't find the right magic
> > cms -engine pkcs11 -sign -in sign.txt -signer 
> > 8320eb4fa0f91a25b9febcbe47845ba168055622 -keyform engine -out signout.txt 
> > -outform DER
> 

The signing certificate needs to be specified as a file; the value you pass
as the key will be used to access the engine. So try -signer and -inkey
options.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


CMS signing with engine

2011-07-06 Thread James Berry
I am trying to sign a file using the opensc pkcs11 engine.  I will be doing 
this in code ultimately, but I thought I would make it work from the command 
line first.

I have the pkcs11 engine working ok and can make a certificate request, for 
example, using the key on the smartcard.

This works fine and produces a signed file in the format that I want
> cms -sign -in sign.txt -out signout.txt -signer signer.pem -outform DER


This does not work, as it tries to open the key id on the card as a file; I 
assume that I need a different parameter to indicate the key id to use, but I 
can't find the right magic
> cms -engine pkcs11 -sign -in sign.txt -signer 
> 8320eb4fa0f91a25b9febcbe47845ba168055622 -keyform engine -out signout.txt 
> -outform DER


Can anyone help please?

Best wishes
James

