Hi Mickal: The following is an extract from one of our How-To docs that we're about to release:
Install the Win32 OpenSSL standard Binary Package: Create the following in C:\openssl-win32\bin\openssl.cnf # # OpenSSL example configuration file for definition of CAPI engine. # openssl_conf = openssl_init [openssl_init] oid_section = new_oids engines = engine_section [engine_section] capi = capi_config [capi_config] engine_id = capi dynamic_path = c:\\openssl-win32\\bin\\capi.dll init=1 This sets up OpenSSL to be able to use the CAPI engine. Confirm this is working by typing the following: openssl engine -t -post list_csps And you should see a list as follows: Available CSPs: 0. Gemalto Classic Card CSP, type 1 1. Infineon SICRYPT Base Smart Card CSP, type 1 2. Microsoft Base Cryptographic Provider v1.0, type 1 3. Microsoft Base DSS and Diffie-Hellman Cryptographic Provider, type 13 4. Microsoft Base DSS Cryptographic Provider, type 3 5. Microsoft Base Smart Card Crypto Provider, type 1 6. Microsoft DH SChannel Cryptographic Provider, type 18 7. Microsoft Enhanced Cryptographic Provider v1.0, type 1 8. Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider, type 13 9. Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype), type 24 10. Microsoft Exchange Cryptographic Provider v1.0, type 5 11. Microsoft RSA SChannel Cryptographic Provider, type 12 12. Microsoft Strong Cryptographic Provider, type 1 13. Schlumberger Cryptographic Service Provider, type 1 [Success]: list_csps From here, some interesting things to be able to do: openssl engine -t -post list_options:35 -post list_certs This will list all of the certs as well as information about their private keys (whether that certificate has a private key in the store associated with it). Have fun! Patrick. On 2010-09-08, at 10:19 AM, Michal Trojnara wrote: > > Guys, > > I spent a day trying to load CAPI engine in OpenSSL 1.0.0a. > > The error I received was: > > C:\test>openssl engine -t dynamic -pre "SO_PATH:capieay32" -pre ID:capi > -pre LOAD > WARNING: can't open config file: /usr/local/ssl/openssl.cnf > (dynamic) Dynamic engine loading support > [Success]: SO_PATH:capieay32 > [Success]: ID:capi > [Failure]: LOAD > 5220:error:260B606D:engine routines:DYNAMIC_LOAD:init > failed:eng_dyn.c:521: > [ unavailable ] > > The same error is printed when a full path is specified. > For an incorrect file name it returned a different error: > > C:\test>openssl engine -t dynamic -pre "SO_PATH:nonexisting" -pre ID:capi > -pre LOAD > WARNING: can't open config file: /usr/local/ssl/openssl.cnf > (dynamic) Dynamic engine loading support > [Success]: SO_PATH:nonexisting > [Success]: ID:capi > [Failure]: LOAD > 4672:error:25078067:DSO support routines:WIN32_LOAD:could not load the > shared library:dso_win32.c:18 > 0:filename(nonexisting.dll) > 4672:error:25070067:DSO support routines:DSO_load:could not load the > shared library:dso_lib.c:244: > 4672:error:260B6084:engine routines:DYNAMIC_LOAD:dso not > found:eng_dyn.c:450: > [ unavailable ] > > Was anyone able to use CAPI in OpenSSL 1.0.0a? I tried to find any > example in the Internet, but without any luck. > > Best regards, > Mike > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org --- Patrick Patterson President and Chief PKI Architect Carillon Information Security Inc. http://www.carillon.ca tel: +1 514 485 0789 mobile: +1 514 994 8699 fax: +1 450 424 9559 ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org