Hello,

The openca parameters are correct. Just like Michael said, the cakey.pem file does not contain your private key; instead it contains information about the key stored in the token, reference information if you will. One thing I noticed: if you use the new OpenSSL or the Chrysalis-ITS patched OpenSSL, you need to use the application IDs (hi, low) in $LUNA_PREFIX/etc/Chrystoki.conf. For example, my development system's Chrystoki.conf looks like this:
Chrystoki2 = {
LibUNIX=/usr/lib/libcrystoki2.so;
}
CardReader = {
RemoteCommand=1;
}
Luna = {
DefaultTimeOut=500000;
PEDTimeout1=100000;
PEDTimeout2=100000;
}
EngineLunaCA3= {
LibPath=/usr/luna/lib/libcrystoki2.so;
EngineInit=1:11:10;
}
and you should be able to use it with openca like this. I noticed that if you
try to pass the application IDs on the command line it does not work.

Hope that helped.

Best regards,
Bahaa Al-amood
>
> > Secret Key
> > -----BEGIN RSA PRIVATE KEY-----
> > MIICHQIBAAKCAgEA1vcooeVP95d6TVJtTggKL03h7HzeZ5KzC/TGjVRVZp1VbWUX
> > rbuenC1s10zf5+3siputzu0mkDQ6ItxWNoCz1MD
> > ..
> > zfzvJ1czqf0rjH+eqczrKwM8pPhr1j/wrkThnolzRnMmCsRZBLFDO0Wyrk0CAQMC
> > AQECAQwCAQsCAQECAQECAQE=
> > -----END RSA PRIVATE KEY-----
>
> I'm not the top expert for Luna CA3 but there is something going wrong.
> cakey.pem doesn't include the private key. It includes only a reference
> to the private key because some Luna devices can store more than one key.
>
> If you see a private key then this key was never created by the Luna CA3
> device because you cannot export a private key into software from a Luna
> CA device - and if you can do it then you cracked the device ;)
>
> You can generate the private key manually with the HSM_GENKEY_CMD. After
> this you can check the file cakey.pem again and it should not contain a
> real private key!
>
> Are the parameters opensslEngine and opensslEngineArg correct?
> Bahaa, do you have any ideas?
>
> Greetings Michael
> --
> -------------------------------------------------------------------
> Michael Bell Email: [EMAIL PROTECTED]
> ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482
> (Computing Centre) Fax: +49 (0)30-2093 2704
> Humboldt-University of Berlin
> Unter den Linden 6
> 10099 Berlin Email (private): [EMAIL PROTECTED]
> Germany http://www.openca.org
