failed:eng_table.c:174:
Any idea why this would be happening?
Is it that the engine is just not implemented properly?
Thanks,
--
Bram Cymet
Software Developer
Canadian Bank Note Co. Ltd.
613-608-9752
__
OpenSSL Project
seem to fix things either.
May I ask which Luna product we have been able to use the engine with?
Thanks,
Bram
On 12-02-01 7:58 AM, Mathias Tausig wrote:
On 02/01/2012 12:59 PM, Bram Cymet wrote:
Hi,
I am attempting to use openssl with the Luna SA HSM. I am getting the
following error
!
Matt
--
Bram Cymet
Software Developer
Canadian Bank Note Co. Ltd.
613-608-9752
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users
[pkcs11_section]
engine_id = pkcs11
dynamic_path = /usr/lib64/engines/engine_pkcs11.so
MODULE_PATH = /usr/lib64/opensc-pkcs11.so
init = 0
PIN = PINOFSMARTCARD
Any idea why I am getting a conflicting engine id and how I can debug
and fix this?
Thanks,
--
Bram Cymet
Software Developer
Canadian Bank Note Co
routines:MODULE_RUN:module initialization
error:conf_mod.c:235:module=engines, value=engine_section, retcode=-1
Any idea why it would be doing that?
Thanks,
Bram
On 11-04-05 7:24 AM, Bram Cymet wrote:
Hi,
When I try to load the opensc-engine with a config file I get:
OPENSSL_CONF=/opt/cbnca
On 11-04-05 11:50 AM, Dr. Stephen Henson wrote:
On Tue, Apr 05, 2011, Bram Cymet wrote:
I added some debugging output to openssl and I have found that it is
parsing the config file twice and attempting to load the engine twice.
OPENSSL_CONF=/opt/cbnca/etc/cbn-openssl.conf ./apps/openssl
in
the openssl command line interface then it works fine.
Any idea what could be going on? Why would it seem to ignore my config.
--
Bram Cymet
Software Developer
Canadian Bank Note Co. Ltd.
Cell: 613-608-9752
__
OpenSSL
routines:MODULE_RUN:module initialization
error:conf_mod.c:235:module=engines, value=engine_section, retcode=-1
error in engine
On 11/09/2010 04:57 PM, Bram Cymet wrote:
Hi,
I have the following in my /etc/ssl/openssl.cnf file:
openssl_conf= openssl_def
[openssl_def]
engines
, retcode=-1
any idea why that would be happening?
On 11/09/2010 05:28 PM, Bram Cymet wrote:
Here is an example of what happens if I run it from the command line
interface:
openssl
OpenSSL engine dynamic -pre
SO_PATH:/usr/local/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre
LIST_ADD:1 -pre
RSA_padding_add_PKCS1_PSS with the hash that I computed is
that correct?
Thanks,
--
Bram Cymet
Software Developer
Canadian Bank Note Co. Ltd.
Cell: 613-608-9752
__
OpenSSL Project http
on?
I am using openssl 1.0.0
Also on a side note if I use the command:
OPENSSL_CONF=piv.conf openssl
The OPENSSL_CONF variable is ignored and it just uses the default config
file. Setting the config file like this on the command line used to work
has something changed?
Thanks,
--
Bram Cymet
here:
http://www.opensc-project.org/pipermail/opensc-devel/2010-April/013956.html
On Oct 06, 2010 09:50 AM, Bram Cymet bcy...@cbnco.com wrote:
Hi,
I am trying to use engine_pkcs11 from opensc to talk to a smartcard. I
am running into a few problems.
My configuration looks like:
openssl_conf
On 08/23/2010 06:19 PM, Bram Cymet wrote:
Hi,
Does any know of what would cause ctx-error to be set to 0 (X509_V_OK
) with a call to x509_verify_cert() that should result in
X509_V_ERR_UNABLE_TO_GET_CRL.
From the OpenSSL Source (x509_vfy.h) it looks like that would mean
there were
to figure out
what these values are?
Thanks,
--
Bram Cymet
Software Developer
Canadian Bank Note Co. Ltd.
Cell: 613-608-9752
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
?
Thanks,
Bram
On 2010-08-08, at 3:41 PM, Bram Cymet wrote:
I have attempted a number of different command line commands. They are all
similar to:
openssl x509 -extfile req.conf -extensions client_cert -in bcymet-cert.pem
-out test.pem
openssl x509 -req -in req.pem -sha1 -extfile
Ok I see it now.
The whole structure is there asn1parse just can't print out the GENERALSTRINGs
I changed them to UTF8 and I was able to see everything.
Thanks again,
Bram
On 2010-08-09, at 6:51 AM, Bram Cymet wrote:
Ok I was able to get openssl to generate a cert. Now when I got
test.pem
Can you give me an example of how to create the cert or a req with the
extensions?
Thanks,
Bram
On 2010-08-08, at 8:38 AM, Dr. Stephen Henson wrote:
On Fri, Aug 06, 2010, Bram Cymet wrote:
It complains about the client_cert section.
Attached is the conf file.
I am using
On 08/06/2010 01:18 PM, Dr. Stephen Henson wrote:
On Fri, Aug 06, 2010, Bram Cymet wrote:
On 08/06/2010 08:49 AM, Dr. Stephen Henson wrote:
On Wed, Aug 04, 2010, Bram Cymet wrote:
HI,
Give a configuration like the following:
subjectAltName=otherName:1.3.6.1.5.2.2
Hi,
I am trying to add extensions to a cert or a req and when I do I get:
Error Loading extension section section
Is there anyway that I can get more details into why it failed?
Thanks,
--
Bram Cymet
Software Developer
Canadian Bank Note Co. Ltd.
Cell: 613-608-9752
that would be created.
Thanks,
--
Bram Cymet
Software Developer
Canadian Bank Note Co. Ltd.
Cell: 613-608-9752
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
To give more information:
At present I don't care about the issuerAltName
and
I would like to be able to generate the octet string that would be needed.
Thanks
On 08/04/2010 03:08 PM, Bram Cymet wrote:
HI,
Give a configuration like the following:
subjectAltName=otherName:1.3.6.1.5.2.2
would my best course of action be to use ASN1_generate_nconf to generate
this OCTET String. Can someone give me an example of how to do this?
On 08/04/2010 03:35 PM, Bram Cymet wrote:
To give more information:
At present I don't care about the issuerAltName
and
I would like to be able
:
otherName:1.3.6.1.5.2.2;
It is the rest of it I am having a hard time figuring out.
Any help would be great.
Thanks,
--
Bram Cymet
Software Developer
Canadian Bank Note Co. Ltd.
Cell: 613-608-9752
__
OpenSSL Project
--type cert --label label --module
/usr/lib64/opensc-pkcs11.so /tmp/encrypt.der
and then use the cert to perform the encryption.
I am wondering if there is a way to get openssl to pull the cert off the
card and use it?
Thanks,
--
Bram Cymet
Software Developer
Canadian Bank Note Co. Ltd.
Cell
Hi,
I have been able to use RSA-PSS to sign some data with OpenSSL. I am
wondering if OpenSSL supports creating certs where the signature
algorithm uses RSA-PSS. In other words, when viewing the properties of
the cert you would get:
Signature Algorithm: 1.2.840.113549.1.1.10
Thanks,
--
Bram
Hi,
I am wondering if with the latest version of Openssl it is possible to
set the Private Key Usage Period extension and if so what is the format
of the parameters?
Thanks,
--
Bram Cymet
Software Developer
Canadian Bank Note Co. Ltd.
Cell: 613-608-9752
-DMD32_REG_T=int -DOPENSSL_IA32_SSE2
-DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM
-DAES_ASM -DWHIRLPOOL_ASM -c -o ts_asn1.o ts_asn1.c
Any ideas as to what could be happening. I am using the latest openssl
source.
Thanks,
Bram Cymet
fine.
Any ideas what could be going on?
Thanks,
--
Bram Cymet
Software Developer
Canadian Bank Note Co. Ltd.
Cell: 613-608-9752
__
OpenSSL Project http://www.openssl.org
User Support Mailing
-password pass: and there will be no password.
--
Bram Cymet
Software Developer
Canadian Bank Note Co. Ltd.
Cell: 613-608-9752
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
Hi,
Is it possible to use openssl to do ecdsa encryption/decryption and if
so how? Or can someone recommend a linux command line tool that would?
Thanks,
--
Bram Cymet
Software Developer
Canadian Bank Note Co. Ltd.
Cell: 613-608-9752
there is no way to get the decrypted data..
Thanks,
--
Bram Cymet
Software Developer
Centre For Technological Innovation
Canadian Bank Note Co. Ltd.
Cell: 613-608-9752
__
OpenSSL Project http
to the right piece of code?
For example on the command line I would do:
OpenSSL engine -t dynamic -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so \
-pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD \
-pre MODULE_PATH:/usr/lib/opensc-pkcs11.so
Any help would be great,
--
Bram Cymet
Bram Cymet wrote:
I am using a new javacard with the musclecard applet.
I have been able to generate and sign with 1024 bit keys but when I got
to use 2048 bit keys I can only generate them not sign with them.
I get the following error:
6068:error:8006C06D:lib(128):RSA_PRIV_ENC:msc invalid
Nov 4 07:29:12 2008
C-APDU: B0 36 04 01 05 00 03 01 00 00
R-APDU: 90 00
Time: 16 ms
Thanks,
--
Bram Cymet
Software Developer
Centre For Technological Innovation
Canadian Bank Note Co. Ltd.
Cell: 613-608-9752
__
OpenSSL
34 matches
Mail list logo