From: sarat <sa...@sa...> - 2015-01-03 09:25:31
As Engert suggested, I took the source code from GitHub and compiled it. I can see its shared object file, i.e. libp11.so, at /usr/local/lib/. I believe that it was compiled successfully because I didn't get any error messages while compiling. Is there any way we can check whether it was compiled successfully or not?
Regards,
Sarat G
From: Sanaullah [mailto:san...@gm...]
Sent: Saturday, January 03, 2015 2:49 PM
To: sarat
Cc: Petr Pisar; ope...@li...
Subject: Re: [Opensc-devel] Relation between engine_pkcs11 and openssl
Maybe your libp11 was not compiled with EC. Did you compile libp11 yourself or install it from a Linux repository using yum or apt?
Here is mine working.
root@VM:/home/san# openssl engine -t dynamic -pre SO_PATH:/opt/smartcard/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib/opensc-pkcs11.so
(dynamic) Dynamic engine loading support
[Success]: SO_PATH:/opt/smartcard/lib/engines/engine_pkcs11.so
[Success]: ID:pkcs11
[Success]: LIST_ADD:1
PKCS11_get_ecdsa_method:223
[Success]: LOAD
[Success]: MODULE_PATH:/usr/lib/opensc-pkcs11.so
Loaded: (pkcs11) pkcs11 engine
[ available ]
On Sat, Jan 3, 2015 at 2:05 PM, sarat <sa...@sa...> wrote:
Hi Sanaullah,
When I’m running it from the command line, I’m getting the error below.
root@nilotpal:/home/sarat# openssl engine -t dynamic -pre SO_PATH:/usr/local/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/local/lib/opensc-pkcs11.so
(dynamic) Dynamic engine loading support
[Success]: SO_PATH:/usr/local/lib/engines/engine_pkcs11.so
[Success]: ID:pkcs11
[Success]: LIST_ADD:1
[Failure]: LOAD
3073779388:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:185:filename(/usr/local/lib/engines/engine_pkcs11.so): /usr/local/lib/libp11.so.2: undefined symbol: pkcs11_ec_ops
3073779388:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244:
3073779388:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:450:
[Failure]: MODULE_PATH:/usr/local/lib/opensc-pkcs11.so
3073779388:error:260AC089:engine routines:INT_CTRL_HELPER:invalid cmd name:eng_ctrl.c:134:
3073779388:error:260AB089:engine routines:ENGINE_ctrl_cmd_string:invalid cmd name:eng_ctrl.c:316:
[ unavailable ]
root@nilotpal:/home/sarat#
Can you please have a look into it?
Regards,
Sarat G
From: Sanaullah [mailto:san...@gm...]
Sent: Saturday, January 03, 2015 2:29 PM
To: sarat
Cc: Petr Pisar; ope...@li...
Subject: Re: [Opensc-devel] Relation between engine_pkcs11 and openssl
Hi Sarat,
Why don't you try loading the engine using the command line instead of configuring it in openssl.cnf?
openssl engine -t dynamic -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib/opensc-pkcs11.so
Then run the following command to generate the CSR.
req -engine pkcs11 -new -key 0:10 -keyform engine -out cert.pem -text -x509 -day
Regards,
Sanaullah
On Sat, Jan 3, 2015 at 1:56 PM, sarat <sa...@sa...> wrote:
After doing all this, when I ran "openssl engine" I still couldn't see
pkcs11 coming up.
root@nilotpal:/home/sarat# openssl engine
(dynamic) Dynamic engine loading support
root@nilotpal:
Any idea how I can get out of this issue? I tried all the possible ways that I
can. I don't know what I'm missing. Can you please help with this? Can you
please let me know whether I need to set any environment variables or the like,
and if so, what they are and how I set them?
Thank you.
Regards,
Sarat G
-----Original Message-----
From: Petr Pisar [mailto:pet...@at...]
Sent: Saturday, January 03, 2015 2:18 PM
To: ope...@li...
Subject: Re: [Opensc-devel] Relation between engine_pkcs11 and openssl
On Sat, Jan 03, 2015 at 01:42:47PM +0530, sarat wrote:
> What is -keyform? How could I tell Openssl to link my engine_pkcs11?
> If you don't mind can you provide me the commands for setting up.
As I said, OpenSSL can consume and produce keys. Unfortunately, there is
not only one format for storing the keys. One of them is PEM, another is
DER.
So if you pass a key to openssl tools, you can specify which format to
expect or to produce by -keyform argument. Sometimes the argument name
differs for input and output (-inform, -outform).
When OpenSSL introduced the engine API, the developers decided to use the
same argument for declaring that a key is stored in the engine (instead of in a
file) and the value besides "PEM" or "DER" becomes "engine". Of course this
does not say which engine. The engine selection is then performed by -engine
argument. Example:
$ openssl req -engine pkcs11 -new -key id_45 -keyform engine -out request.pem
This will generate a certificate request into the request.pem file using a key
retrieved from the "pkcs11" engine by the "id_45" identifier. The "pkcs11" is the
value of engine_id configuration option from the configuration file as well
as should be visible in the "openssl engine" output.
However, your first goal is to make "openssl engine" work.
-- Petr
_______________________________________________
Opensc-devel mailing list
Ope...@li...
https://lists.sourceforge.net/lists/listinfo/opensc-devel
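
Added example, not part of the thread or of the libp11/OpenSC code: a small triage script for the failing `openssl engine -t dynamic` transcript quoted above. It picks out the first failed `-pre` step and the library/symbol pair from the dlopen() error, then, on a host where that library exists, uses GNU `nm` to show whether the library defines or only imports the symbol. The function names and the trimmed `SAMPLE_LOG` are assumptions made for this example.

```sh
#!/bin/sh
# Added example. SAMPLE_LOG is the failing transcript quoted in the thread (trimmed).
SAMPLE_LOG='[Success]: SO_PATH:/usr/local/lib/engines/engine_pkcs11.so
[Success]: LIST_ADD:1
[Failure]: LOAD
3073779388:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:185:filename(/usr/local/lib/engines/engine_pkcs11.so): /usr/local/lib/libp11.so.2: undefined symbol: pkcs11_ec_ops
3073779388:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:450:
[Failure]: MODULE_PATH:/usr/local/lib/opensc-pkcs11.so
3073779388:error:260AC089:engine routines:INT_CTRL_HELPER:invalid cmd name:eng_ctrl.c:134:'

# First -pre step that failed; the failures after it follow from it
# (MODULE_PATH is an engine command, unknown until the engine has loaded).
first_failed_step() {
    printf '%s\n' "$1" | sed -n 's/^\[Failure]: \([A-Z_]*\).*/\1/p' | head -n 1
}

# "<library> <symbol>" taken from the dlopen() text at the end of the DSO error line.
undefined_symbol() {
    printf '%s\n' "$1" |
        sed -n 's|.*: \(/[^ :]*\): undefined symbol: \([A-Za-z0-9_]*\).*|\1 \2|p' |
        head -n 1
}

# How a shared object relates to a symbol (GNU nm): defined, undefined, or absent.
symbol_status() {
    for kind in defined undefined; do
        if nm -D "--$kind-only" "$1" 2>/dev/null |
            awk '{ sub(/@.*/, "", $NF); print $NF }' | grep -qx "$2"; then
            echo "$kind"; return 0
        fi
    done
    echo absent
}

triage() {
    pair=$(undefined_symbol "$1")
    [ -n "$pair" ] || { echo "no undefined-symbol error in log"; return 1; }
    lib=${pair% *} sym=${pair#* }
    echo "first failed step: $(first_failed_step "$1")"
    echo "unresolved: $sym, reported for $lib"
    # "undefined" = the library imports the symbol; the dlopen() error above
    # shows that nothing loaded with it supplied a definition.
    if [ -r "$lib" ]; then echo "$lib: $sym is $(symbol_status "$lib" "$sym")"; fi
}

triage "$SAMPLE_LOG"
```

On the affected machine, `ldd -r /usr/local/lib/libp11.so.2` reports the same unresolved symbol without going through OpenSSL, which separates a libp11 build problem from an engine configuration problem.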