From: Jakub J. <jj...@re...> - 2018-10-17 14:59:32

On Fri, 2018-09-14 at 18:40 +0000, Paras Shah (parashah) via Opensc-devel wrote:
> Does the pkcs11 engine support the ed25519 keys?
>
> I get the following error when I try to access the ed25519 key stored
> in SoftHSM via the openssl engine interface.
>
> []:~$ openssl pkey -in "pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6a160d52b750862f;token=token%202.5.0-rc1;id=%22%22;object=ed25519%20leaf%20key;type=private" -inform ENGINE -engine pkcs11 -text
> engine "pkcs11" set.
> Enter PKCS#11 token PIN for token 2.5.0-rc1:
> Key not found.
> PKCS11_get_private_key returned NULL
> cannot load key from engine
> 140736065815424:error:80067065:pkcs11 engine:ctx_load_privkey:object not found:eng_back.c:862:
> 140736065815424:error:26096080:engine routines:ENGINE_load_private_key:failed loading private key:crypto/engine/eng_pkey.c:78:
> unable to load key
>
> The openssl version used above is 1.1.1, which supports the ed25519 keys.

The current PKCS#11 specification does not define the ed25519 keys yet. SoftHSM has them in vendor-specific extensions (if I am right), which is not interoperable with either engine_pkcs11 or openssl in the end. The next PKCS#11 specification should support the ed25519 keys in a standard way, so once this is out, SoftHSM fixed and the support implemented in engine_pkcs11, all together will work. Until then, you are limited to other key formats.

Regards,
--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat, Inc.
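When an engine_pkcs11 lookup fails with "object not found", the first thing to check is what attributes the token is actually being asked to match. The PKCS#11 URI in the command above follows RFC 7512, where path attributes are `;`-separated and percent-encoded, query attributes are `&`-separated, and `id` is binary. The parser below is an added illustration, not code from the thread, OpenSC or engine_pkcs11; the URI it decodes is the one quoted in the message above, reassembled onto one line. Note that `id=%22%22` decodes to two literal double-quote characters, which is what the engine will compare against CKA_ID.

```python
from urllib.parse import unquote, unquote_to_bytes

# Attributes RFC 7512 defines as binary (compared byte-for-byte against
# the token object's CKA_ID); everything else is treated as UTF-8 text.
BINARY_ATTRS = {"id"}

# Constructed input: the URI from the quoted openssl command, joined onto one line.
SAMPLE_URI = (
    "pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;"
    "serial=6a160d52b750862f;token=token%202.5.0-rc1;id=%22%22;"
    "object=ed25519%20leaf%20key;type=private"
)


def _split_attrs(segment, separator):
    """Split 'k=v<sep>k=v' into a dict, percent-decoding each value."""
    attrs = {}
    for item in segment.split(separator):
        if not item:
            continue
        key, sep, value = item.partition("=")
        if not sep or not key:
            raise ValueError("malformed attribute: %r" % item)
        if key in attrs:
            raise ValueError("duplicate attribute: %r" % key)
        attrs[key] = unquote_to_bytes(value) if key in BINARY_ATTRS else unquote(value)
    return attrs


def parse_pkcs11_uri(uri):
    """Parse an RFC 7512 PKCS#11 URI into (path_attrs, query_attrs).

    path_attrs select the token/object (model, token, id, object, type, ...);
    query_attrs carry library hints (module-path, pin-value, ...).
    """
    if not uri.startswith("pkcs11:"):
        raise ValueError("not a PKCS#11 URI: %r" % uri)
    path, _, query = uri[len("pkcs11:"):].partition("?")
    return _split_attrs(path, ";"), _split_attrs(query, "&")


def describe_lookup(uri):
    """Return the decoded object-selection attributes a PKCS#11 engine would match on."""
    path_attrs, _ = parse_pkcs11_uri(uri)
    selection = {k: path_attrs[k] for k in ("token", "id", "object", "type") if k in path_attrs}
    return selection


if __name__ == "__main__":
    path_attrs, query_attrs = parse_pkcs11_uri(SAMPLE_URI)
    for key, value in path_attrs.items():
        print("%-12s %r" % (key, value))
    print("selection:", describe_lookup(SAMPLE_URI))
```

Running it shows the decoded token label `token 2.5.0-rc1` and object label `ed25519 leaf key`, and makes visible that the `id` attribute is the byte string `b'""'` rather than an empty ID, so a mismatch on any of these is easy to spot before suspecting the key type itself.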