Hi,

You got it right, I have a problem with openssl. Here is its output:


/usr/luna_ssl/bin/openssl rsa -engine LunaCA3 -in server.key -text -noout

engine "LunaCA3" set.
unable to load Private Key
22277:error:0D078079:asn1 encoding routines:ASN1_ITEM_EX_D2I:field missing:tasn_dec.c:391:Field=iqmp, Type=RSA
22277:error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib:d2i_pr.c:96:
22277:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_pkey.c:122:

Any idea what's wrong? I tried to use openssl-0.9.6, which is provided
by Chrysalis, and here is the output:

/root/luna/luna_orig/usr/local/ssl/bin/openssl rsa -engine LunaCA3 -in /root/server.key -text -noout
engine "LunaCA3" set.
read RSA key
unable to load key
22369:error:0D06B078:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:139:
22369:error:0D080065:asn1 encoding routines:d2i_ASN1_INTEGER:bad object header:a_int.c:204:
22369:error:0D09D082:asn1 encoding routines:d2i_RSAPrivateKey:parsing:d2i_r_pr.c:116:
22369:error:0D09B00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib:d2i_pr.c:89:
22369:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_lib.c:290:

I'm logging in to Luna with ca3util before executing all of this.

Rastlin
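
The `field missing ... Field=iqmp, Type=RSA` error in the output above is raised when the RSAPrivateKey SEQUENCE in the PEM file ends before the last of its nine PKCS#1 integers. The following is an added example, not part of the original message or of OpenSSL or OpenCA code: it lists which fields a traditional RSA key file actually contains, reporting bit lengths only. The two sample PEMs are constructed from toy numbers and all function names are hypothetical.

```python
import base64

# OpenSSL's names for the nine PKCS#1 RSAPrivateKey fields, in DER order.
FIELDS = ["version", "n", "e", "d", "p", "q", "dmp1", "dmq1", "iqmp"]

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low bits = count of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("element runs past end of data")
    return tag, buf[pos:pos + length], pos + length

def rsa_key_fields(pem_text):
    """Report which RSAPrivateKey fields a PEM holds, by bit length only."""
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    if lines[0] != "-----BEGIN RSA PRIVATE KEY-----":
        raise ValueError("not a traditional RSA private key PEM: " + lines[0])
    der = base64.b64decode("".join(lines[1:-1]))
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    sizes, pos = [], 0
    while pos < len(body):                 # every field is a DER INTEGER (tag 0x02)
        tag, value, pos = read_tlv(body, pos)
        if tag != 0x02:
            raise ValueError("expected INTEGER, got tag 0x%02x" % tag)
        sizes.append(int.from_bytes(value, "big").bit_length())
    return {"present": dict(zip(FIELDS, sizes)), "missing": FIELDS[len(sizes):]}

# --- constructed sample input (toy numbers, not a real key) ---
def _der_int(v):
    raw = v.to_bytes(v.bit_length() // 8 + 1, "big")   # leading 0x00 keeps it positive
    return bytes([0x02, len(raw)]) + raw

def _pem(ints):
    body = b"".join(_der_int(v) for v in ints)
    b64 = base64.b64encode(bytes([0x30, len(body)]) + body).decode()
    return "-----BEGIN RSA PRIVATE KEY-----\n%s\n-----END RSA PRIVATE KEY-----\n" % b64

TOY = [0, 3233, 17, 2753, 61, 53, 53, 49, 38]   # version, n, e, d, p, q, dmp1, dmq1, iqmp
FULL_PEM, TRUNCATED_PEM = _pem(TOY), _pem(TOY[:-1])

if __name__ == "__main__":
    for name, pem in (("full", FULL_PEM), ("truncated", TRUNCATED_PEM)):
        print(name, rsa_key_fields(pem))
```
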

On Mon, 2005-04-11 at 09:13 +0100, [EMAIL PROTECTED] wrote:
> Rastlin,
> 
> OK, before we start, can you confirm that you have OpenSSL talking to the
> Luna CA3 correctly. As you (probably) know the OpenSSL does not support
> the Luna devices out of the box, you must patch the source code. SafeNet
> (ex Chrysalis) only provide a patch for OpenSSL 0.9.7 (I have got it going
> with OpenSSL 0.9.7e but I had to edit the patch). So have you:
> 
> 1. Patched the OpenSSL 0.9.7 source code with the SafeNet patch
> 2. Installed the SafeNet tools (calogin, cautil etc.)
> 3. Used the cautil tools to check that you have got the CA3 working
> (create a new key pair)
> 4. Used OpenSSL from the command line to check that it can talk to the CA3
> (something like "openssl rsa -engine LunaCA3 -in /root/test/test.key -text
> -noout")
> 
> Only when you can do all of the above can you start thinking about OpenCA.
> 
> Now, OpenCA 0.9.1-7 works with the CA3, but the lowest version of the
> OpenCA 0.9.2 series that is Luna compatible is 0.9.2.2. Earlier versions
> of 0.9.2 will _not_ work.
> 
> As for your issues with already created keys on the Luna, I think you will
> be OK as long as you have the "cakey.pem" file. This is a PEM file
> containing a pointer to the location of the private key on the HSM device.
> What I would do is use OpenCA to create a normal soft key, and then
> replace the cakey.pem (in ../openca/var/crypto/cakeys) file with your HSM
> generated pem file. This should work fine.
> 
> I hope this helps.
> 
> Chris...
> 
> > I have such a problem. Installed openca 0.9.2
> > Installed openssl-0.9.7
> >
> > Configured openssl and openca. Right now, when
> > I'm starting openca I have to log in to Luna, so
> > this is fine.
> >
> > Right now I have a problem, which is:
> > Generate new CA secret key (from openca menu) <- should I create it if
> > my secret key is on LunaCa3?
> > Anyway, I'm creating it and it is in DER format, but it couldn't be
> > read in any way
> >
> > /usr/luna_ssl/bin/openssl rsa -engine LunaCA3 -inform DER
> > -in /usr/local/pki/var/crypto/keys/cakey.pem -text
> > Of course I'm logged in to Luna in this session and have initialized the token.
> >
> > engine "LunaCA3" set.
> > unable to load Private Key
> > 1679:error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad
> > tag:a_set.c:179:
> > 1679:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
> > tag:tasn_dec.c:939:
> > 1679:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
> > error:tasn_dec.c:304:Type=RSA
> > 1679:error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1
> > lib:d2i_pr.c:96:
> >
> > If I try to read it as PEM I am informed that iqmp is missing.
> > And also when trying to do req (from openca Administrative) I also get
> > an error.
> > First I'm executing this command from the web
> >
> > req -new -config /usr/local/pki/etc/openssl/openssl.cnf -subj
> > "/C=PL/O=BLA/OU=Pixel Technology/CN=BLE/[EMAIL PROTECTED]"
> > -engine LunaCA3 -keyform PEM
> > -key /usr/local/pki/var/crypto/keys/cakey.pem
> > -out /usr/local/pki/var/crypto/reqs/careq.pem
> >
> > and got this error
> > OpenCA::OpenSSL->genReq: Cannot execute command (7777067). engine
> > "LunaCA3" set.
> > unable to load Private Key
> > 1928:error:0D078079:asn1 encoding routines:ASN1_ITEM_EX_D2I:field
> > missing:tasn_dec.c:391:Field=iqmp, Type=RSA
> > 1928:error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1
> > lib:d2i_pr.c:96:
> > 1928:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1
> > lib:pem_pkey.c:117:
> > error in req
> >
> > I've tried to google something without success. Waiting for help.
> >
> > Rastlin
> >
> >
> 
> 
> 
