with a private key inside
> a pkcs11 device (on linux).
> So i'm using opsenssl 3.0.0 alpha 13.
>
> I did compile fine (./config --prefix=/opt/openssl enable-deprecated
> --openssldir=/usr/local/ssl -Wl,-rpath=/opt/openssl/lib),
> but i ran into trouble when compiling libp11
into trouble when compiling libp11 to get my pkcs11 engine.
(i had a similar issue while trying to use tpm2-tss-engine)
I can't find a way to build openssl with ERR_put_error() symbol.
I know it's deprecated so i changed the code in libp11 to use
ERR_raise() instead, but again the symbol is also missing
ith code that uses the private key in the HSM to
> encrypt the hash buffer that has been calculated.
>
> My initialisation looks like this
> /* Load the configuration using OPENSSL_CONF environment variable */
> OPENSSL_config(NULL);
> /* Try and load PKCS11 engine */
> co
s like this
/* Load the configuration using OPENSSL_CONF environment variable */
OPENSSL_config(NULL);
/* Try and load PKCS11 engine */
const char* s = getenv("OPENSSL_CONF");
printf("Trying to load pkcs#11 engine\n");
printf("OPENSSL_CONF=%s\n", s);
I've already post this to opensc mailing list but I'm not really sure where
the problem is. So I also try my luck here.
I'm writing application which decrypts SMIME messages using smart
card. I used source code of openssl cms command as reference. I'm able
to decrypt already however I face the
On 09/16/2017 12:18 AM, Dr. Stephen Henson wrote:
> On Fri, Sep 15, 2017, Anton Gerasimov wrote:
>
>> So it turns out load_privkey() function of engine_pkcs11.so sets pub_key
>> in the returned 'struct ec_key_st' to NULL. Is it a failure inside
>> engine_pkcs11.so?
>>
> Well sort of. OpenSSL
On Fri, Sep 15, 2017, Anton Gerasimov wrote:
> So it turns out load_privkey() function of engine_pkcs11.so sets pub_key
> in the returned 'struct ec_key_st' to NULL. Is it a failure inside
> engine_pkcs11.so?
>
Well sort of. OpenSSL requires that public key components are set for private
keys
So it turns out load_privkey() function of engine_pkcs11.so sets pub_key
in the returned 'struct ec_key_st' to NULL. Is it a failure inside
engine_pkcs11.so?
Thanks,
Anton Gerasimov
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Greetings,
I'm trying to make OpenSSL (v. 1.0.2j) get client certificate/private
key from a virtual PKCS#11 device, namely SoftHSM. I've imported a
certificate and private key into SoftHSM, configured openssl as
following and run
openssl s_client -engine pkcs11 -connect mydomain.com:443
,
UI_METHOD *ui_method, void *callback_data);
which seems to be a bit too specific (where would I get an SSL pointer
if I want to use this certificate in the mail client to sign a CMS
message?) and is not supported by opensc PKCS11 engine.
No OpenSSL currently doesn't have an API
to be a bit too specific (where would I get an SSL pointer
if I want to use this certificate in the mail client to sign a CMS
message?) and is not supported by opensc PKCS11 engine.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http
[Success]: SO_PATH:/usr/lib/engines/engine_pkcs11.so
[Success]: ID:pkcs11
[Success]: LIST_ADD:1
[Success]: LOAD
[Success]: MODULE_PATH:opensc-pkcs11.so
Loaded: (pkcs11) pkcs11 engine
I want to do the same using C code in an independent program so that I can use
the:
static
the result:
(dynamic) Dynamic engine loading support
[Success]: SO_PATH:/usr/lib/engines/engine_pkcs11.so
[Success]: ID:pkcs11
[Success]: LIST_ADD:1
[Success]: LOAD
[Success]: MODULE_PATH:opensc-pkcs11.so
Loaded: (pkcs11) pkcs11 engine
I want to do the same
Hi All,
I need to authenticate my client with a smartcard in ssl connection. So i
am using pkcs11 engine.
I have called the functions below, i have successfully read the certificate
from smart card. But while connecting to server client does not send any
certificate. It happens one side ssl
Hello
We are trying to use the PKCS11 engine for OpenSSL to interface with a
smart card reader Gemplus GemPC Twin 00 00. We are having some
trouble when trying to retrieve the private from a smart card to
decrypt some data. The problem arises when the wrong PIN number is
given
On Wed, Mar 17, 2010, Cesar Henrique Keiti Kuroiwa wrote:
Hello
We are trying to use the PKCS11 engine for OpenSSL to interface with a
smart card reader Gemplus GemPC Twin 00 00. We are having some
trouble when trying to retrieve the private from a smart card to
decrypt some
Dr. Stephen Henson wrote:
On Wed, Mar 17, 2010, Cesar Henrique Keiti Kuroiwa wrote:
Hello
We are trying to use the PKCS11 engine for OpenSSL to interface with a
smart card reader Gemplus GemPC Twin 00 00. We are having some
trouble when trying to retrieve the private from
:
On Wed, Mar 17, 2010, Cesar Henrique Keiti Kuroiwa wrote:
Hello
We are trying to use the PKCS11 engine for OpenSSL to interface with a
smart card reader Gemplus GemPC Twin 00 00. We are having some
trouble when trying to retrieve the private from a smart card
Cesar Henrique Keiti Kuroiwa wrote:
Now we seem to be facing a new issue that comes up when a wrong PIN is
entered and then the card is removed from the reader. After that, we
can no longer do anything with the card after it is re-inserted. Not
even by cleaning and reloading all the
Hi ALL,
I was trying to write openssl pkcs11 engine implementation for RSA . Now ,I
am stuck with the implementating RSA padding which is required for RSA
encryption,decryption ,signing and verifying.
I was trying to find the mechanism which is needed for each padding.
RSA_PKCS1_PADDING
, Samuel123smith wrote:
Hi ALL,
I was trying to write openssl pkcs11 engine implementation for RSA . Now ,I
am stuck with the implementating RSA padding which is required for RSA
encryption,decryption ,signing and verifying.
I was trying to find the mechanism which is needed for each
:
Hi ALL,
I was trying to write openssl pkcs11 engine implementation for RSA . Now
,I
am stuck with the implementating RSA padding which is required for RSA
encryption,decryption ,signing and verifying.
I was trying to find the mechanism which is needed for each padding
support
[success]: SO_PATH:engine_pkcs11
[success]:ID:pkcs11
[success]:LIST_ADD:1
[success]:LOAD
[success]:MODULE_PATH:OCSCryptolib_P11.dll
Loaded: pkcs11 pkcs11 engine
[available]
OpenSSL rsautl -decrypt -in cipher.txt -out raw.txt -engine pkcs11
-keyform engine -inkey 0
I am using the latest 9.8g openssl on Solaris 10 update 3. The ssl
handshake is working fine. I want to use the Niagra 2 chip to do my
encryping but I need the pkcs11 engine. The 9.8g
ENGINE_load_builtin_engines() does not have pkcs11.
How do I get it and if there is a way then how do I
PKCS11 is interface to hardware cryptographic accelators. If you use PKCS11
engine, instead of software doing the encryption/decryption, hardware does it.
To use, PKCS11, you need to have cryptographic hardware accelator. This comes
by default with Sun Fire T2000.
If you encrypt the data
,
but the RSA enc and dec performance on the amd 64 dell machine running
Solaris x64(100 times RSA enc and dec in 700ms) is also much higher than
the same machine running windows 2003 x86 (100 times RSA enc and dec in
1200ms without pkcs11 engine.
On 2/14/07, durgaprasad jammula [EMAIL PROTECTED
(sparc t2000), it wast
8000ms.
I googled that why Solaris RSA enc and dec is so slow and found that the
pkcs11 engine should be use to improve Solaris RSA performance.
I did use the pkcs11 engine
e = ENGINE_by_id(pkcs11);
if (e != NULL)
{
if (ENGINE_init(e) == 0
routines:ASN1_item_sign:EVP lib:.\crypto\asn1\a_sign.c:276:error in ocspI've tried also with a SmartCard and OpenSC's native opensc-pkcs11.dll module, but the error is still the same. Question is, may this be an issue from OpenSSL or from the OpenSC implementation? Do you know/recommend some other open-source PKCS11
Hello,
Ihavethesameproblem, i'm trying to associated
hw_pkcs11-0.9.7b.patch with openssl-0.9.7b but I can't.
To make it work?
The steps are:
tar xvzf openssl-0.9.7b.tar.gz
OK
patch -p0 hw_pkcs11-0.9.7b.patch
FAULT
C:\...\OPENSSLpatch -p0 hw_pkcs11-0.9.7b.patch
Hi!
I've just downloaded openssl 0.9.7b and successfully patched it with
hw_pkcs11-0.9.7b.patch.gz and compule it under Windows XP using
Visual C++ 6.0.
I want to use this pkcs11 engine to access SmartCards using its
pkcs11 library.
The I successfully created an RSA key pair using:
openssl
Hi all,
I just downloaded the 0.9.7b version of OpenSsl and I expected
to see PKCS11 support in the form of an ENGINE instance.
But apparently that particular engine is not yet bundled with
the rest and so I downloaded the hw_pkcs11-0.9.7b patch (
in the contribution link) which should
From: Pierre De Boeck [EMAIL PROTECTED]
Hi all,
I just downloaded the 0.9.7b version of OpenSsl and I expected
to see PKCS11 support in the form of an ENGINE instance.
But apparently that particular engine is not yet bundled with
the rest and so I downloaded the hw_pkcs11-0.9.7b patch (
: PKCS11 engine
From: Pierre De Boeck [EMAIL PROTECTED]
Hi all,
I just downloaded the 0.9.7b version of OpenSsl and I
expected to see
PKCS11 support in the form of an ENGINE instance.
But apparently that particular engine is not yet bundled
with the rest
and so I downloaded
, 2002 5:49
PM
Subject: RE: trustway pkcs11 engine for
openssl
Afchine,
Hi, I am interested in this
post. Can you tell me a little about this card? Will your comments
about PKCS#11 work with PKCS#7 for example? I helped set up a Linux
system with openssl because we had
Based on openssl-engine-0.9.6c, we have developed
a new engine which allowsopenssl applications and Apache-mod_ssl servers to
use through a PKCS#11interface the security functions provided by the Bull
trustway cc2000 cryptographiccard, taking advantage of key storage in secure
memory and
Uhmmm, we got the message. Several times. Do you *really* think
you'll get wuicker responses by repeating it every day? Some folks
are meaner than me and simply filter people who repeat their emails
too much...
I've got the first copy marked in my inbox. I'm sure have that as
well. Please
Based on openssl-engine-0.9.6c, we have developed a new engine which
allowsopenssl applications and Apache-mod_ssl servers to use through a
PKCS#11interface the security functions provided by the Bull trustway cc2000
cryptographiccard, taking advantage of key storage in secure memory and
37 matches
Mail list logo