[opencryptoki-users] Problems with TrouSerS PKCS#11 interface

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi,

I'm trying to import a certificate signed using the tpm engine
(openssl-tpm-engine) into Firefox on Ubuntu 12.04.

I'm using Infineon TPM and I have already configured the tpm token with
'tpmtoken_init'. The PKCS#11 module (libopencryptoki.so) was successfully
imported on Firefox. But when I try to import a certificate I get the
following alert:

"Failed to decode the file.  Either it is not in PKCS #12 format, has been
corrupted, or the password you entered was incorrect."

Here is the command that I am using to generate the certificate:

"openssl req -keyform engine -engine
/usr/local/lib/openssl/engines/libtpm.so -key Authroity.key -x509 -out
Authority.crt"

I tried to create another certificate using:

"openssl req -keyform engine -engine
/usr/local/lib/openssl/engines/libtpm.so -key Client.key -new -out
Client.csr"
and:
"openssl x509 -req -in Client.csr -CA Authority.crt -CAkey Authority.key
-CAkeyform engine -engine /usr/local/lib/openssl/engines/libtpm.so
-CAcreateserial -out Client.crt"

The keys "Authority.key" and "Client.key" were generated using
"create_tpm_key".

But I get the alert when I try to import any of them.
Am I doing something wrong?