[opensc-devel] Invalid slot number during SSL cert generation on card

Tue, 16 Mar 2010 06:05:25 -0700 

Dear Friends,

I am trying to create a self-signed certificate using Feitian
cryptographic engine:

> OpenSSL>engine dynamic -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so
> -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre
> MODULE_PATH:opensc-pkcs11.so
> (dynamic) Dynamic engine loading support
> [Success]: SO_PATH:/usr/lib/engines/engine_pkcs11.so
> [Success]: ID:pkcs11
> [Success]: LIST_ADD:1
> [Success]: LOAD
> [Success]: MODULE_PATH:opensc-pkcs11.so
> Loaded: (pkcs11) pkcs11 engine

Then from the command prompt:

> OpenSSL>req -engine pkcs11 -new -key
> id_c6f280080fb0ed1ebff0480a01d00a98a1b3b89a -keyform engine -x509 -out
> cert.pem -text

This results in:

> openssl
> OpenSSL> engine dynamic -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so
> -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre
> MODULE_PATH:opensc-pkcs11.so
> (dynamic) Dynamic engine loading support
> [Success]: SO_PATH:/usr/lib/engines/engine_pkcs11.so
> [Success]: ID:pkcs11
> [Success]: LIST_ADD:1
> [Success]: LOAD
> [Success]: MODULE_PATH:opensc-pkcs11.so
> Loaded: (pkcs11) pkcs11 engine
> OpenSSL> req -engine pkcs11 -new -key
> id_c6f280080fb0ed1ebff0480a01d00a98a1b3b89a -keyform engine -x509 -out
> cert.pem -text
> engine "pkcs11" set.
> Invalid slot number: 0
> PKCS11_get_private_key returned NULL
> unable to load Private Key
> 5842:error:26096080:engine routines:ENGINE_load_private_key:failed
> loading private key:eng_pkey.c:126:
> error in req

Any idea what Invalid slot number: 0 means?

> For information:
> $ pkcs15-tool --list-keys
> Using reader with a card: Feitian SCR301 01 00
> Private RSA Key [Private Key]
> Com. Flags : 3
> Usage : [0x4], sign
> Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
> ModLength : 2048
> Key ref : 1
> Native : yes
> Path : 3f005015
> Auth ID : 01
> ID : c6f280080fb0ed1ebff0480a01d00a98a1b3b89a

Should I create a bug or is this something I do not understand?

Kind regards,

-- 
                  Jean-Michel Pouré - jmpo...@gooze.eu

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Reply via email to