enssl with a private key inside
> a pkcs11 device (on linux).
> So i'm using opsenssl 3.0.0 alpha 13.
>
> I did compile fine (./config --prefix=/opt/openssl enable-deprecated
> --openssldir=/usr/local/ssl -Wl,-rpath=/opt/openssl/lib),
> but i ran into trouble when compiling
i ran into trouble when compiling libp11 to get my pkcs11 engine.
(i had a similar issue while trying to use tpm2-tss-engine)
I can't find a way to build openssl with ERR_put_error() symbol.
I know it's deprecated so i changed the code in libp11 to use
ERR_raise() instead, but again the sy
crypt with code that uses the private key in the HSM to
> encrypt the hash buffer that has been calculated.
>
> My initialisation looks like this
> /* Load the configuration using OPENSSL_CONF environment variable */
> OPENSSL_config(NULL);
> /* Try and load PKCS11 engine */
&
looks like this
/* Load the configuration using OPENSSL_CONF environment variable */
OPENSSL_config(NULL);
/* Try and load PKCS11 engine */
const char* s = getenv("OPENSSL_CONF");
printf("Trying to load pkcs#11 engine\n");
printf("OPENSSL_CONF=%s\n&quo
I've already post this to opensc mailing list but I'm not really sure where
the problem is. So I also try my luck here.
I'm writing application which decrypts SMIME messages using smart
card. I used source code of openssl cms command as reference. I'm able
to decrypt already however I face the fol
On 09/16/2017 12:18 AM, Dr. Stephen Henson wrote:
> On Fri, Sep 15, 2017, Anton Gerasimov wrote:
>
>> So it turns out load_privkey() function of engine_pkcs11.so sets pub_key
>> in the returned 'struct ec_key_st' to NULL. Is it a failure inside
>> engine_pkcs11.so?
>>
> Well sort of. OpenSSL requir
On Fri, Sep 15, 2017, Anton Gerasimov wrote:
> So it turns out load_privkey() function of engine_pkcs11.so sets pub_key
> in the returned 'struct ec_key_st' to NULL. Is it a failure inside
> engine_pkcs11.so?
>
Well sort of. OpenSSL requires that public key components are set for private
keys (e
So it turns out load_privkey() function of engine_pkcs11.so sets pub_key
in the returned 'struct ec_key_st' to NULL. Is it a failure inside
engine_pkcs11.so?
Thanks,
Anton Gerasimov
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Greetings,
I'm trying to make OpenSSL (v. 1.0.2j) get client certificate/private
key from a virtual PKCS#11 device, namely SoftHSM. I've imported a
certificate and private key into SoftHSM, configured openssl as
following and run
openssl s_client -engine pkcs11 -connect mydomain.com:443 -cert
t;
> int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
> STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey,
> STACK_OF(X509) **pother,
> UI_METHOD *ui_method, void *callback_data);
>
> which seems to be a bit too specific (where would I get an SSL pointer
&
er,
UI_METHOD *ui_method, void *callback_data);
which seems to be a bit too specific (where would I get an SSL pointer
if I want to use this certificate in the mail client to sign a CMS
message?) and is not supported by opensc PKCS11 engine.
> Steve.
> --
> Dr Stephen N. Henson
D:1 -pre LOAD -pre MODULE_PATH:opensc-pkcs11.so
>
> which yields the result:
>
>
> (dynamic) Dynamic engine loading support
> [Success]: SO_PATH:/usr/lib/engines/engine_pkcs11.so
> [Success]: ID:pkcs11
> [Success]: LIST_ADD:1
> [Success]: LOAD
>
pport
[Success]: SO_PATH:/usr/lib/engines/engine_pkcs11.so
[Success]: ID:pkcs11
[Success]: LIST_ADD:1
[Success]: LOAD
[Success]: MODULE_PATH:opensc-pkcs11.so
Loaded: (pkcs11) pkcs11 engine
I want to do the same using C code in an independent program so that I can use
the:
s
Hi All,
I need to authenticate my client with a smartcard in ssl connection. So i
am using pkcs11 engine.
I have called the functions below, i have successfully read the certificate
from smart card. But while connecting to server client does not send any
certificate. It happens one side ssl
Cesar Henrique Keiti Kuroiwa wrote:
Now we seem to be facing a new issue that comes up when a wrong PIN is
entered and then the card is removed from the reader. After that, we
can no longer do anything with the card after it is re-inserted. Not
even by cleaning and reloading all the ENGINE-relate
on wrote:
> > On Wed, Mar 17, 2010, Cesar Henrique Keiti Kuroiwa wrote:
> >
> >
> >> Hello
> >>
> >> We are trying to use the PKCS11 engine for OpenSSL to interface with a
> >> smart card reader "Gemplus GemPC Twin 00 00". We ar
Dr. Stephen Henson wrote:
On Wed, Mar 17, 2010, Cesar Henrique Keiti Kuroiwa wrote:
Hello
We are trying to use the PKCS11 engine for OpenSSL to interface with a
smart card reader "Gemplus GemPC Twin 00 00". We are having some
trouble when trying to retrieve the priva
On Wed, Mar 17, 2010, Cesar Henrique Keiti Kuroiwa wrote:
> Hello
>
> We are trying to use the PKCS11 engine for OpenSSL to interface with a
> smart card reader "Gemplus GemPC Twin 00 00". We are having some
> trouble when trying to retrieve the private from a
Hello
We are trying to use the PKCS11 engine for OpenSSL to interface with a
smart card reader "Gemplus GemPC Twin 00 00". We are having some
trouble when trying to retrieve the private from a smart card to
decrypt some data. The problem arises when the wrong PIN numbe
; On Thu, Feb 04, 2010 at 06:24:13AM -0800, Samuel123smith wrote:
> >
> > Hi ALL,
> >
> > I was trying to write openssl pkcs11 engine implementation for RSA . Now
> ,I
> > am stuck with the implementating RSA padding which is required for RSA
> > encryption,decryption ,signi
, Samuel123smith wrote:
>
> Hi ALL,
>
> I was trying to write openssl pkcs11 engine implementation for RSA . Now ,I
> am stuck with the implementating RSA padding which is required for RSA
> encryption,decryption ,signing and verifying.
>
> I was trying to find the mechan
Hi ALL,
I was trying to write openssl pkcs11 engine implementation for RSA . Now ,I
am stuck with the implementating RSA padding which is required for RSA
encryption,decryption ,signing and verifying.
I was trying to find the mechanism which is needed for each padding.
RSA_PKCS1_PADDING
ing support
[success]: SO_PATH:engine_pkcs11
[success]:ID:pkcs11
[success]:LIST_ADD:1
[success]:LOAD
[success]:MODULE_PATH:OCSCryptolib_P11.dll
Loaded: pkcs11 engine
[available]
OpenSSL> rsautl -decrypt -in cipher.txt -out raw.txt -engine pkcs11
-keyform engine -i
I am using the latest 9.8g openssl on Solaris 10 update 3. The ssl
handshake is working fine. I want to use the Niagra 2 chip to do my
encryping but I need the pkcs11 engine. The 9.8g
ENGINE_load_builtin_engines() does not have pkcs11.
How do I get it and if there is a way then how do I
,
but the RSA enc and dec performance on the amd 64 dell machine running
Solaris x64(100 times RSA enc and dec in 700ms) is also much higher than
the same machine running windows 2003 x86 (100 times RSA enc and dec in
1200ms without pkcs11 engine.
On 2/14/07, durgaprasad jammula <[EMAIL PROTEC
PKCS11 is interface to hardware cryptographic accelators. If you use PKCS11
engine, instead of software doing the encryption/decryption, hardware does it.
To use, PKCS11, you need to have cryptographic hardware accelator. This comes
by default with Sun Fire T2000.
If you encrypt the data with
d decryption
wasted 1500ms, then I ran the code on Solaris (sparc t2000), it wast
8000ms.
I googled that why Solaris RSA enc and dec is so slow and found that the
pkcs11 engine should be use to improve Solaris RSA performance.
I did use the pkcs11 engine
e = ENGINE_by_id("pkcs11"
0C3006:asn1 encoding routines:ASN1_item_sign:EVP lib:.\crypto\asn1\a_sign.c:276:error in ocspI've tried also with a SmartCard and OpenSC's native opensc-pkcs11.dll module, but the error is still the same. Question is, may this be an issue from OpenSSL or from the OpenSC implementation? Do you know/recommend
Hello,
Ihavethesameproblem, i'm trying to associated
hw_pkcs11-0.9.7b.patch with openssl-0.9.7b but I can't.
To make it work?
The steps are:
>>tar xvzf openssl-0.9.7b.tar.gz
OK
>>patch -p0 < hw_pkcs11-0.9.7b.patch
FAULT
C:\...\OPENSSL>patch -p0 < hw_pkcs11-0.9.7b.
Hi!
I've just downloaded "openssl 0.9.7b" and successfully patched it with
"hw_pkcs11-0.9.7b.patch.gz" and compule it under Windows XP using
"Visual C++ 6.0".
I want to use this "pkcs11 engine" to access SmartCards using its
pkcs11 library.
The
PM
> To: [EMAIL PROTECTED]
> Subject: Re: PKCS11 engine
>
>
> From: "Pierre De Boeck" <[EMAIL PROTECTED]>
> > Hi all,
> >
> > I just downloaded the 0.9.7b version of OpenSsl and I
> expected to see
> > PKCS11 support in the form of an ENGINE
From: "Pierre De Boeck" <[EMAIL PROTECTED]>
> Hi all,
>
> I just downloaded the 0.9.7b version of OpenSsl and I expected
> to see PKCS11 support in the form of an ENGINE instance.
>
> But apparently that particular engine is not yet bundled with
> the rest and so I downloaded the "hw_pkcs11-0.9.7
Hi all,
I just downloaded the 0.9.7b version of OpenSsl and I expected
to see PKCS11 support in the form of an ENGINE instance.
But apparently that particular engine is not yet bundled with
the rest and so I downloaded the "hw_pkcs11-0.9.7b" patch (
in the contribution link) which should
Thursday, April 25, 2002 5:49
PM
Subject: RE: trustway pkcs11 engine for
openssl
Afchine,
Hi, I am interested in this
post. Can you tell me a little about this card? Will your comments
about PKCS#11 work with PKCS#7 for example? I helped set up a Linux
system with
Uhmmm, we got the message. Several times. Do you *really* think
you'll get wuicker responses by repeating it every day? Some folks
are meaner than me and simply filter people who repeat their emails
too much...
I've got the first copy marked in my inbox. I'm sure have that as
well. Please be
Based on openssl-engine-0.9.6c, we have developed
a new engine which allowsopenssl applications and Apache-mod_ssl servers to
use through a PKCS#11interface the security functions provided by the Bull
trustway cc2000 cryptographiccard, taking advantage of key storage in secure
memory and acc
Based on openssl-engine-0.9.6c, we have developed a new engine which
allowsopenssl applications and Apache-mod_ssl servers to use through a
PKCS#11interface the security functions provided by the Bull trustway cc2000
cryptographiccard, taking advantage of key storage in secure memory and
37 matches
Mail list logo