On 26/04/2016 10:08, Johannes Rath wrote:
Hi all,
I am trying to create a digest using a key stored on a smart card, but
it fails:
jor@jorVirtualUbuntu1404:/mnt/Projects/TestOpenSC$ openssl dgst
-engine pkcs11 -sign 45 -keyform engine -passin pass:1234 -out
test.sig test.txt
engine "pkcs11" set.
Error setting context
140074800309920:error:260C0065:engine
routines:ENGINE_get_pkey_meth:unimplemented public key
method:tb_pkmeth.c:127:
140074800309920:error:0609D09C:digital envelope
routines:INT_CTX_NEW:unsupported algorithm:pmeth_lib.c:164:
jor@jorVirtualUbuntu1404:/mnt/Projects/TestOpenSC$ openssl version -a
OpenSSL 1.0.1f 6 Jan 2014
built on: Mon Feb 29 18:11:15 UTC 2016
platform: debian-amd64
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
compiler: cc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT
-DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2
-fstack-protector --param=ssp-buffer-size=4 -Wformat
-Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions
-Wl,-z,relro -Wa,--noexecstack -Wall -DMD32_REG_T=int
-DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM
-DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/lib/ssl"
Any ideas?
You have not specified the digest algorithm to sign, so the dgst
command defaults to the outdated MD5 algorithm, which your
smartcard probably refuses to use.
I am assuming that this 1.0.1f is from an Ubuntu package with all
the later security fixes merged back in, similar to the 1.0.1e
package in Debian Wheezy.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users