Dimitrios Siganos wrote:
> Hi,
>
> I have used openssl-1.0.0 and engine_pkcs11 for storing an rsa private
> key in a smartcard (feitian epass 3000). I got openssl to access the rsa
> private key and used it to create a self-signed certificate like this:
>
> openssl
>
> OpenSSL> engine dynamic \
> > -pre SO_PATH:/home/ds/local/lib/engines/engine_pkcs11.so \
> > -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD \
> > -pre MODULE_PATH:opensc-pkcs11.so
>
> (dynamic) Dynamic engine loading support
> [Success]: SO_PATH:/home/ds/local/lib/engines/engine_pkcs11.so
> [Success]: ID:pkcs11
> [Success]: LIST_ADD:1
> [Success]: LOAD
> [Success]: MODULE_PATH:opensc-pkcs11.so
> Loaded: (pkcs11) pkcs11 engine
>
> OpenSSL> req -new -x509 -engine pkcs11 -keyform engine -text \
> > -key slot_1-id_6de677f53533e28254d5890e2d7a15a8135883ca \
>
> engine "pkcs11" set.
> PKCS#11 token PIN:
> <Certificate related prompts...>
>
> So far so good.
>
> Now, I would like this engine to install automatically i.e. without
> having to run the engine command. I tried adding the following to
> openssl.cnf
>
> ##########################
> openssl_conf = openssl_def
>
> [ openssl_def ]
> engines = engine_section
>
> [ engine_section ]
> pkcs11 = pkcs11_section
>
> [ pkcs11_section ]
> engine_id = pkcs11
> dynamic_path = /home/ds/local/lib/engines/engine_pkcs11.so
> MODULE_PATH = opensc-pkcs11.so
> init = 0
> ##########################
>
> but it doesn't work properly.
> Here's what I get:
> $ openssl engine -t
> (dynamic) Dynamic engine loading support
>      [ unavailable ]
> (4758cca) IBM 4758 CCA hardware engine support
>      [ unavailable ]
> (aep) Aep hardware engine support
>      [ unavailable ]
> (atalla) Atalla hardware engine support
>      [ unavailable ]
> (cswift) CryptoSwift hardware engine support
>      [ unavailable ]
> (chil) CHIL hardware engine support
>      [ unavailable ]
> (nuron) Nuron hardware engine support
>      [ unavailable ]
> (sureware) SureWare hardware engine support
>      [ unavailable ]
> (ubsec) UBSEC hardware engine support
>      [ unavailable ]
> (padlock) VIA PadLock (no-RNG, no-ACE)
>      [ unavailable ]
> (gost) Reference implementation of GOST engine
>      [ available ]
> (pkcs11) pkcs11 engine
> Auto configuration failed
> 1116888:error:260B606D:engine routines:DYNAMIC_LOAD:init
> failed:eng_dyn.c:521:
> 1116888:error:260BC066:engine routines:INT_ENGINE_CONFIGURE:engine
> configuration error:eng_cnf.c:204:section=pkcs11_section,
> name=dynamic_path, value=/home/ds/local/lib/engines/engine_pkcs11.so
> 1116888:error:0E07606D:configuration file routines:MODULE_RUN:module
> initialization error:conf_mod.c:235:module=engines,
> value=engine_section, retcode=-1
>
> Can someone shed some light into this?
>

I have exactly the same issue (with etokens but also with the Feitian card); see
http://www.opensc-project.org/pipermail/opensc-devel/2010-April/013956.html
for a quick&dirty fix (comment out one line of opensc code).
It is still unclear if commenting out this line breaks the GOST openssl engine (I can't get it to break).

cheers,

JJK