From: Jana N. <jan...@gm...> - 2017-08-24 03:51:03
Hello,

I want to use OpenSC/libp11 for my project since I want to use the pkcs11 module to access HSM. I've cloned libp11 repo from the master branch, but how do I build it so I can start using it for Centos 6? I've looked at INSTALL.md at https://github.com/OpenSC/libp11/blob/master/INSTALL.md and it suggests I run the below to build libp11:

    ./configure && make && sudo make install

There is no "configure" or "install" under this repo:

    drwxr-xr-x 2 jnguyen SECENG  4096 Aug 22 21:19 tests
    drwxr-xr-x 2 jnguyen SECENG  4096 Aug 22 21:19 src
    -rwxr-xr-x 1 jnguyen SECENG  7563 Aug 22 21:19 README.md
    -rwxr-xr-x 1 jnguyen SECENG  7529 Aug 22 21:19 NEWS
    -rwxr-xr-x 1 jnguyen SECENG  1454 Aug 22 21:19 make.rules.mak
    -rwxr-xr-x 1 jnguyen SECENG   139 Aug 22 21:19 Makefile.mak
    -rwxr-xr-x 1 jnguyen SECENG   784 Aug 22 21:19 Makefile.am
    drwxr-xr-x 2 jnguyen SECENG  4096 Aug 22 21:19 m4
    -rwxr-xr-x 1 jnguyen SECENG  2346 Aug 22 21:19 INSTALL.md
    drwxr-xr-x 2 jnguyen SECENG  4096 Aug 22 21:19 doc
    -rwxr-xr-x 1 jnguyen SECENG 26528 Aug 22 21:19 COPYING
    -rwxr-xr-x 1 jnguyen SECENG  7888 Aug 22 21:19 configure.ac
    -rwxr-xr-x 1 jnguyen SECENG    49 Aug 22 21:19 bootstrap
    -rwxr-xr-x 1 jnguyen SECENG  2205 Aug 22 21:19 appveyor.yml
    drwxr-xr-x 2 jnguyen SECENG  4096 Aug 22 22:10 examples

Thanks!

From: Jakub J. <jj...@re...> - 2017-08-24 06:25:37
On Wed, 2017-08-23 at 20:50 -0700, Jana Nguyen wrote:
> Hello,
>
> I want to use OpenSC/libp11 for my project since I want to use the pkcs11
> module to access HSM. I've cloned libp11 repo from the master branch, but
> how do I build it so I can start using it for Centos 6? I've looked at
> INSTALL.md at https://github.com/OpenSC/libp11/blob/master/INSTALL.md and
> it suggest I run the below to build libp11:
> ./configure && make && sudo make install
>
> There is no "configure" or "install" under this repo:

Hello,
when you are building from master, the configure is not pre-generated as in the release tarball. In this case, you need to run

    $ ./bootstrap

which in result runs autoreconf and creates a configure for you.

Regards,
--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat, Inc.

From: Kenneth B. <pho...@gm...> - 2017-08-24 15:02:59
On 8/23/2017 11:50 PM, Jana Nguyen wrote:
> Hello,
>
> I want to use OpenSC/libp11 for my project since I want to use the
> pkcs11 module to access HSM. I've cloned libp11 repo from the master
> branch, but how do I build it so I can start using it for Centos 6?
> I've looked at INSTALL.md at
> https://github.com/OpenSC/libp11/blob/master/INSTALL.md and it suggest
> I run the below to build libp11:
> ./configure && make && sudo make install
>
> There is no "configure" or "install" under this repo:

Configure is a program in (I think) usr/local/bin directory that uses configure.ac and makefile.am to create the files to compile with.
Install is a subsection of the makefile that runs instructions to install the library to its correct location.

From: Jana N. <jn...@al...> - 2017-08-24 17:51:55
    $ ./bootstrap
    ./bootstrap: line 2: autoreconf: command not found

It looks like ./bootstrap calls autoreconf which is not there on my server.

Would it be easier if I get the release tarball?

Thanks,
Jana

From: Alon Bar-L. <alo...@gm...> - 2017-08-24 19:03:09
Hi,
Just download the tarball out of the releases[1]
libp11-0.4.7.tar.gz <https://github.com/OpenSC/libp11/releases/download/libp11-0.4.7/libp11-0.4.7.tar.gz>
Alon

[1] https://github.com/OpenSC/libp11/releases

From: Jana N. <jan...@gm...> - 2017-08-24 21:01:50
Thanks, running the tarball seems to run without error. Following the README.md, I tried to locate

    opensc-pkcs11.so and libpkcs11.so

None was found. Am I supposed to also install the "engine_pkcs11"? I want to use p11 and OpenSSL from the command line.

From: Ben C. <Ben...@no...> - 2017-08-24 22:35:17
Hi Jana,

On Thu, 24 Aug 2017 14:01:41 -0700, Jana Nguyen wrote:
> Thanks, running the tarball seems to run without error. Following the
> README.md, I tried to locate
>
> opensc-pkcs11.so and libpkcs11.so
>
> None was found. Am I suppose to also install the "engine_pkcs11" ? I
> want to use p11 and OpenSSL from the command line.

Are you on a Mac? The files may be called .dylib instead of .so.

Here's my notes for running openssl from the command line:

1. You need to be using openssl commands that allow -engine and -keyform flags to be passed in. Not all openssl commands do. If you need to use a command that doesn't, you're out of luck :-(

2. You need to use openssl in interactive mode, by typing "openssl" and then entering commands into the prompt. (Or by doing the equivalent from a shell script using a here-document.) This is because the openssl "engine" command is stateful. It sets up state which is used later by the actual command you're trying to run. Trying to run "openssl engine ..." from your shell, and then trying to run "openssl whatever ...", will lose state between the two invocations.

Here's an example of a pair of commands that can be typed into an interactive openssl session:

    engine dynamic -pre SO_PATH:/path/to/pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/path/to/hsm/library.so -pre VERBOSE

    req -new -keyform engine -engine pkcs11 -key "pkcs11:type=private;object=foo;token=bar" -out myreq.csr -subj "/C=US/ST=CA/CN=localhost" -days 10000

(The /path/to/pkcs11.so may be .dylib if you're on a Mac, as noted above)

The first "engine" command sets up an engine and names it "pkcs11" (the ID: is what associates it with a name).

The -engine flag in the second command refers to the engine by the name we gave it. Then "-keyform engine" says that the key we pass in should be interpreted by the engine, not treated as the name of a file on disk. Then finally the -key flag can be passed as a PKCS11 URL, which works because we did the "-keyform engine".

See https://www.ietf.org/rfc/rfc7512.txt for a description of the PKCS11 URI format.

Hope this helps! I went through the same process of discovery you're going through, earlier this year.

~Ben

From: Jana N. <jn...@al...> - 2017-08-24 23:11:34
Unfortunately I'm not on MAC, I'm on Centos 6. It's linux. I'm trying to see if Safenet HSM works with openssl from cryptography.

It seems running

    ./configure && make && sudo make install

Did not generate me the:

    opensc-pkcs11.so and libpkcs11.so

Am I missing an additional step? Thanks pkcs11 guru for responding.

From: Ben C. <Ben...@no...> - 2017-08-24 23:44:30
Hi Jana,

On Thu, 24 Aug 2017 16:11:24 -0700, Jana Nguyen wrote:
> It seems running ./configure && make && sudo make install
>
> Did not generate me the:
>
> opensc-pkcs11.so and libpkcs11.so

What *did* it generate? The openssl engine is called "pkcs11.so" when I build on Linux. I'm guessing if you don't tell the configure script any different, it'll end up in /usr/local/lib.

If you're wanting to use it with openssl, you don't want "libp11.so" or "libpkcs11.so" -- those are lower level libraries that are part of the OpenSC libp11 project, they're not the OpenSSL dynamically-loadable engine. The OpenSSL engine is "pkcs11.so".

~Ben

From: Bernd E. <ec...@zu...> - 2017-08-24 23:46:17
Just a FYI, the 0.14 version of opensc is in the CentOS EPEL repository, so you do not need to build it yourself:

https://centos.pkgs.org/6/epel-x86_64/opensc-0.14.0-2.el6.x86_64.rpm.html

Gruss
Bernd
--
http://bernd.eckenfels.net

From: Jana N. <jn...@al...> - 2017-08-24 23:54:22
Hi Ben,

You're correct, it generated libp11.so but NOT libpkcs11.so under /usr/local/lib

    drwxr-x--- 2 root root   4096 Aug 24 20:37 pkgconfig
    -rwxr-xr-x 1 root root 290953 Aug 24 20:37 libp11.so.2.4.7
    lrwxrwxrwx 1 root root     15 Aug 24 20:37 libp11.so.2 -> libp11.so.2.4.7
    lrwxrwxrwx 1 root root     15 Aug 24 20:37 libp11.so -> libp11.so.2.4.7
    -rwxr-xr-x 1 root root    938 Aug 24 20:37 libp11.la
    -rw-r--r-- 1 root root 552282 Aug 24 20:37 libp11.a

Ok, so my understanding is I should get OpenSSL engine? If so, can you point me to the rpm or release?

From: Ben C. <Ben...@no...> - 2017-08-25 00:10:25
On Thu, 24 Aug 2017 16:54:12 -0700, Jana Nguyen wrote:
> You're correct, it generated libp11.so but NOT libpkcs11.so under
> /usr/local/lib

OK, well, no substitute for "try it and see what happens" I guess...

My company has a tightly controlled build process for our software and we never just do ./configure with no arguments. So I naively assumed it'd go into /usr/local/lib, but in fact it doesn't seem to.

When I tried "./configure" with no arguments just now, it put the openssl engine into:

    /usr/lib64/engines/pkcs11.so

So try checking there? :-)

I can confirm that when I fetched:

    https://github.com/OpenSC/libp11/releases/download/libp11-0.4.7/libp11-0.4.7.tar.gz

and did:

    ./configure && make && sudo make install

just now, that's where it put it.

~Ben

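The here-document approach described earlier in the thread, combined with the engine locations discussed above, as an added example that is not part of the original thread. The function names and the --run switch are hypothetical; the two openssl commands are the ones from the thread, and every value is checked before it is placed in the openssl command stream, because a newline or quote in a path, key URI or subject would start a new openssl command.

```shell
#!/bin/sh
# Added example, not from the thread. It runs "engine" and "req" inside ONE
# openssl process (here-document), so the engine loaded by the first command
# is still there for the second. Function names and --run are hypothetical.

# Directories mentioned in the thread for the engine.
DEFAULT_ENGINE_DIRS="/usr/lib64/engines /usr/local/lib"

# find_engine [dir ...]: print the first pkcs11.so (pkcs11.dylib on a Mac).
find_engine() {
    [ "$#" -gt 0 ] || set -- $DEFAULT_ENGINE_DIRS
    for dir in "$@"; do
        for name in pkcs11.so pkcs11.dylib; do
            if [ -f "$dir/$name" ]; then
                printf '%s\n' "$dir/$name"
                return 0
            fi
        done
    done
    return 1
}

# no_break VALUE: fail on empty values and on characters that would end a
# quoted argument or the command line early (newline, quotes, backslash).
no_break() {
    nl='
'
    case "$1" in
        ''|*"$nl"*|*'"'*|*"'"*|*'\'*) return 1 ;;
    esac
    return 0
}

# no_space VALUE: as no_break, and no blanks, for values emitted unquoted.
no_space() {
    no_break "$1" || return 1
    tab=$(printf '\t')
    case "$1" in
        *' '*|*"$tab"*) return 1 ;;
    esac
    return 0
}

# build_session ENGINE_SO MODULE_SO KEY_URI SUBJECT OUT_CSR
# Print the two commands from the thread with the given values filled in.
build_session() {
    [ "$#" -eq 5 ] || return 2
    no_space "$1" && no_space "$2" && no_space "$5" || return 2
    no_break "$3" && no_break "$4" || return 2
    case "$3" in
        pkcs11:*) ;;          # key must be a PKCS#11 URI (RFC 7512)
        *) return 2 ;;
    esac
    cat <<EOF
engine dynamic -pre SO_PATH:$1 -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:$2 -pre VERBOSE
req -new -keyform engine -engine pkcs11 -key "$3" -out $5 -subj "$4" -days 10000
EOF
}

# run_session ...: same arguments; feed both commands to a single openssl.
run_session() {
    session=$(build_session "$@") || return 2
    openssl <<EOF
$session
EOF
}

# Usage: script --run MODULE_SO KEY_URI SUBJECT OUT_CSR
if [ "${1:-}" = "--run" ]; then
    shift
    engine=$(find_engine) || { echo "pkcs11 engine not found" >&2; exit 1; }
    run_session "$engine" "$@"
fi
```
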
From: Jana N. <jn...@al...> - 2017-08-25 19:38:04
Ben, thanks I am able to find pkcs11.so under /usr/lib64/engines/

I would recommend updating the INSTALL.md. It didn't mention anything about running ./bootstrap if building from source and the prerequisite is installing autoconf, etc.

It would be helpful in the INSTALL.md if it specified that by default the "*.so" files get generated to path /usr/lib64/engines/

From: Bernd E. <ec...@zu...> - 2017-08-25 02:38:38
BTW, SafeNet offers their own PKCS#11 library, I am not sure why you would need the opensc version. Look for libCryptoki2_64.so

I would expect Opensc to only work with Aladdin Tokens but not with (networked) HSMs.

Gruss
Bernd
--
http://bernd.eckenfels.net

From: Ben C. <Ben...@no...> - 2017-08-25 02:47:30
|
Bernd,

On Fri, 25 Aug 2017 02:38:23 +0000, Bernd Eckenfels wrote:
> BTW, SafeNet offers their own PKCS#11 library, I am not sure why you would
> need the opensc version. Look for libCryptoki2_64.so
>
> I would expect Opensc to only work with Aladdin Tokens but not with
> (networked) HSMs.

I think I'm in largely the same situation as Jana is -- my team needed something to be able to make openssl be able to do crypto operations against keys stored in a networked HSM.

Specifically the openssl engine that is part of opensc, is the piece of opensc that we're using. It works in conjunction with (not instead of) the vendor's pkcs11 library.

I assume the libCryptoki2_64.so you mention, is what Jana is going to have to put in as the MODULE_PATH parameter for the opensc openssl engine.

~Ben
|
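The arrangement Ben describes above, with the libp11 engine loading the vendor's PKCS#11 library through MODULE_PATH, as an added example that is not part of the thread or of libp11's own code. The function names and the permission check are this example's assumptions; because both files are loaded into every process that uses the HSM keys, it refuses relative paths and files that group or others can write.

```shell
# Added example: find the pkcs11 engine built by libp11 and emit an openssl.cnf
# engine section for it. Function names are this example's own (hypothetical).

# Directories where the thread found (or first expected) the engine.
ENGINE_DIRS="/usr/lib64/engines /usr/local/lib"

# Print the first pkcs11.so found in the directories given as arguments.
find_engine() {
    for dir in "$@"; do
        if [ -f "$dir/pkcs11.so" ]; then
            printf '%s\n' "$dir/pkcs11.so"
            return 0
        fi
    done
    return 1
}

# A library loaded into the OpenSSL process must be an absolute path to a
# regular file that neither group nor others can write.
safe_to_load() {
    case "$1" in /*) ;; *) return 1 ;; esac
    [ -f "$1" ] || return 1
    [ -z "$(find -L "$1" -prune \( -perm -020 -o -perm -002 \))" ]
}

# Emit the engine configuration, or fail without printing any of it.
engine_conf() {
    engine=$1 module=$2
    safe_to_load "$engine" || { echo "refusing engine: $engine" >&2; return 1; }
    safe_to_load "$module" || { echo "refusing module: $module" >&2; return 1; }
    cat <<EOF
openssl_conf = openssl_init

[openssl_init]
engines = engine_section

[engine_section]
pkcs11 = pkcs11_section

[pkcs11_section]
engine_id = pkcs11
dynamic_path = $engine
MODULE_PATH = $module
init = 0
EOF
}
```

Call it as `engine_conf "$(find_engine $ENGINE_DIRS)" /path/to/libCryptoki2_64.so > engine.cnf`, replacing the placeholder path with wherever the SafeNet client installed its library, and point `OPENSSL_CONF` at the result.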
From: Sanaullah <san...@gm...> - 2017-08-25 02:53:50
|
>> BTW, SafeNet offers their own PKCS#11 library, I am not sure why you would
>> need the opensc version. Look for libCryptoki2_64.so
>>
>> I would expect Opensc to only work with Aladdin Tokens but not with
>> (networked) HSMs.
>
> I think I'm in largely the same situation as Jana is -- my team
> needed something to be able to make openssl be able to do crypto
> operations against keys stored in a networked HSM.
>
> Specifically the openssl engine that is part of opensc, is the
> piece of opensc that we're using. It works in conjunction with (not
> instead of) the vendor's pkcs11 library.
>
> I assume the libCryptoki2_64.so you mention, is what Jana is going
> to have to put in as the MODULE_PATH parameter for the opensc
> openssl engine.

There is a patch from SafeNet which you should request from SafeNet in order to work with openssl, or use the SafeNet-provided tools to work on a SafeNet networked HSM like CloudHSM.

Regards,
Sanaullah
|
From: Jana N. <jn...@al...> - 2017-08-25 19:50:52
|
Bernd, thanks for pointing out that Opensc only supports Aladdin Token.

With my project, we are currently using the Openssl library for Python to generate/store credentials on a usb stick. Now we need to access the Safenet HSM instead of usb but want to continue to leverage Openssl cryptography from Python to access the Safenet HSM.

I've contacted Safenet, they gave me an Openssl toolkit to configure.

On Thu, Aug 24, 2017 at 7:38 PM, Bernd Eckenfels <ec...@zu...> wrote:

> BTW, SafeNet offers their own PKCS#11 library, I am not sure why you would
> need the opensc version. Look for libCryptoki2_64.so
>
> I would expect Opensc to only work with Aladdin Tokens but not with
> (networked) HSMs.
>
> Gruss
> Bernd
> --
> http://bernd.eckenfels.net
> ------------------------------
> *From:* Jana Nguyen <jn...@al...>
> *Sent:* Friday, August 25, 2017 1:54:12 AM
> *To:* Ben Cottrell
> *Cc:* ope...@li...
> *Subject:* Re: [Opensc-devel] How to build OpenSC/libp11 ?
>
> Hi Ben,
>
> You're correct, it generated libp11.so but NOT libpkcs11.so under
> /usr/local/lib
>
> drwxr-x--- 2 root root 4096 Aug 24 20:37 pkgconfig
> -rwxr-xr-x 1 root root 290953 Aug 24 20:37 libp11.so.2.4.7
> lrwxrwxrwx 1 root root 15 Aug 24 20:37 libp11.so.2 -> libp11.so.2.4.7
> lrwxrwxrwx 1 root root 15 Aug 24 20:37 libp11.so -> libp11.so.2.4.7
> -rwxr-xr-x 1 root root 938 Aug 24 20:37 libp11.la
> -rw-r--r-- 1 root root 552282 Aug 24 20:37 libp11.a
>
> Ok, so my understanding is I should get OpenSSL engine? If so, can you
> point me to the rpm or release?
>
> On Thu, Aug 24, 2017 at 4:24 PM, Ben Cottrell <Ben...@no...>
> wrote:
>
>> Hi Jana,
>>
>> On Thu, 24 Aug 2017 16:11:24 -0700, Jana Nguyen wrote:
>> > It seems running ./configure && make && sudo make install
>> >
>> > Did not generate me the:
>> >
>> > opensc-pkcs11.so and libpkcs11.so
>>
>> What *did* it generate? The openssl engine is called "pkcs11.so" when
>> I build on Linux. I'm guessing if you don't tell the configure script
>> any different, it'll end up in /usr/local/lib.
>>
>> If you're wanting to use it with openssl, you don't want "libp11.so" or
>> "libpkcs11.so" -- those are lower level libraries that are part of the
>> OpenSC libp11 project, they're not the OpenSSL dynamically-loadable
>> engine. The OpenSSL engine is "pkcs11.so".
>>
>> ~Ben
|