Re: [Opensc-devel] pkcs11_engine on windows

[Douglas E E. <dee...@gm...>]

On 4/24/2015 1:28 PM, mike tancsa wrote:
> On 4/24/2015 2:01 PM, Douglas E Engert wrote:
>>
>> First, I have not used cygwin in years...
>
> What is the best way to compile ? Cross compile on a *nix box ?

As far as I know, cygwin should work.

>
>>
>> You may need a LD_LIBRARY_PATH=
>> In your examples, you refer to some absolute paths like:
>> /home/mdtancsa/opensc-pkcs11.dll
>> /usr/local/lib/engines/engine_pkcs11.dll
>> but run from the current directory, using ./ but don't say what that directory is.
>>
>> ./pkcs11-tool.exe appears to have worked using ./opensc-pkcs11.dll
>> What directory was this?
>
> Hi,
>      Its in my home dir. /home/mdtancsa/
>
>>
>> Do you have two copies of opensc-pkcs11.dll?
>> one in /usr/local/lib/
>> and one in /home/mdtancsa/
>
> Just in /home/mdtancsa
>
>>
>> Should you be using MODULE_PATH=/usr/local/lib/opensc-pkcs11.dll?
>
> I havent installed opensc inside my cygwin environment, I just copied the libs/dlls there.  If I give openssl the wrong location, it messes up in a different way, so I think its getting the right path
> info

What dlls do you have in the directory? Do all the dates match?

 From the traces:

OpenSSL> req -engine pkcs11 -new -key 2:45 -keyform engine -out cert.pem
-text -x509 -days 3640 -subj "/CN=Mike Tancsa"
engine "pkcs11" set.
failed to enumerate slots
PKCS11_get_private_key returned NULL
cannot load Private Key from engine
2283136:error:80002003:PKCS11 library:PKCS11_enum_slots:Invalid slot
ID:p11_slot.c:314:
2283136:error:26096080:engine routines:ENGINE_load_private_key:failed
loading private key:eng_pkey.c:124:
unable to load Private Key

p11_slot.c:314:
313         rv = CRYPTOKI_call(ctx, C_GetSlotInfo(id, &info));
314         CRYPTOKI_checkerr(PKCS11_F_PKCS11_ENUM_SLOTS, rv);


So the error message may be misleading, as it does not like the slot.

I have always use the -key format of slot_<n>-id_<n>
The code immpies 1:45 should work.
Can you try:  slot_1-id_45

You could also try using pkcs11-spy to see what slot is being passed to PKCS#11 C_GetSlotInfo

The following is from a unix script as an example:

if [ $SPY -eq 0 ] ; then
         MODULE=$OPENSC_LIB/opensc-pkcs11.so
else
         MODULE=$OPENSC_LIB/pkcs11-spy.so
         PKCS11SPY=$OPENSC_LIB/opensc-pkcs11.so
         export PKCS11SPY
         PKCS11SPY_OUTPUT=/tmp/pkcs11.spy.log
         export PKCS11SPY_OUTPUT
fi

# openssl.conf has prompt = no, no need for extra blank line at end...
cat >/tmp/genreq.openssl.input << EOT
engine dynamic -vvvv -pre SO_PATH:$OPENSC_ENGINE/engines/engine_pkcs11.so -pre ID:pkcs11 -pre NO_VCHECK:1 -pre LIST_ADD:1 -pre LOAD  -pre MODULE_PATH:$MODULE
req $SSLEAY_CONFIG -engine pkcs11 -keyform engine -sha256 -new -key slot_1-id_$ID -out cards/$1.myreq.$KEYID.pem  -text
EOT
openssl < /tmp/genreq.openssl.input
>
>      ---Mike
>
>
>
>
>>
>>>
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> One dashboard for servers and applications across Physical-Virtual-Cloud
>>> Widest out-of-the-box monitoring support with 50+ applications
>>> Performance metrics, stats and reports that give you Actionable Insights
>>> Deep dive visibility with transaction tracing using APM Insight.
>>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
>>> _______________________________________________
>>> Opensc-devel mailing list
>>> Ope...@li...
>>> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>>>
>>
>
>

-- 

  Douglas E. Engert  <DEE...@gm...>