From: Jakub J. <jj...@re...> - 2022-11-18 11:01:14
On 11/15/22 15:55, Alexandre Gonzalo via Opensc-devel wrote:
> Hi All,
>
> I'd like to know if the libp11 engine officially supports OpenSSL v3.
> I am trying to generate an RSA key with the following command and I have
> an error:
> openssl genrsa -out dummy 4096
> Error setting RSA length
> F85455EE79000000:error:03000093:digital envelope routines:evp_pkey_ctx_ctrl_int:command not supported:crypto/evp/pmeth_lib.c:1324:
>
> It is working fine when I don't use the engine.
>
> I initially thought that it was a bug in OpenSSL and reported the issue:
> https://github.com/openssl/openssl/issues/19680

OpenSSL 3.0 deprecated engines, and libp11 is an OpenSSL engine, so they
might keep working, but they will be phased out.

The libp11 engine, to my understanding, does not support key generation
unless the following pull request is merged:

https://github.com/OpenSC/libp11/pull/474

On the other hand, there is a pkcs11 provider implementation in progress,
and AFAIK the key generation is part of the testsuite already and that
part should work:

https://github.com/latchset/pkcs11-provider

But keep in mind that this is still in development, so it might not have
all the corner cases resolved, but any feedback would be welcomed.

Regards,
--
Jakub Jelen
Crypto Team, Security Engineering
Red Hat, Inc.