Hi Gilad,

Thanks for your advice.
I don't use C_Login in the, because the session is always public, and if it's called, C_Login always returns CKR_OK (case of crypto hardware).
In case of smartcards, you're right, it is mandatory to add a C_Login to take into the user session.
So, I agree with you to add the C_Login to the open session function.
I think that each evolution and ability added to the pkcs#11 engine, like creating certificate on the hardware, is welcome.

Regards
Afchine
______________________________________
[EMAIL PROTECTED]
Bull TrustWay R&D
http://www.trustway.bull.com

----- Original Message -----
From: "Gilad Finkelstein" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, June 16, 2003 11:20 AM
Subject: FW: pkcs#11 engine for openssl newbie question

> Hi,
> My apologies for the first item (pack requirements)
> I have checked the code and found your remark on setting the CK_Win32 to
> enable pack of 1 on windows platforms.
>
> I had to add a C_Login in your open session function to enable access to the
> private keys for sign and generate operations. (And I think you would agree
> this should be the generic case of pkcs#11 implementation)
>
> I would also like to add the ability to create the certificate on the
> hardware token and not as a file.
>
> Thanks for your help
>
> Gilad
>
> -----Original Message-----
> From: Gilad Finkelstein
> Sent: Sunday, June 15, 2003 11:48 AM
> To: 'Afchine Madjlessi'
> Subject: RE: pkcs#11 engine for openssl newbie question
>
> Hi,
> I have progressed a lot and can inform you of the following information I
> found.
> 1. Your code assumes pkcs11 function structure list pack of 4, my
> cryptoLibrary uses pack 1 (and so is RSA one) I think it would be safer to
> use pack 1 when compiling on win32 platform (using the #pragma pack)
> 2. I do not understand how your code successfully generates a key pair
> without C_Login first.
> It seems not to use the pkcs#11 standard of C_Login whenever a private key
> operation is required.
> I added in my code a pkcs#11_login for cases like this and now I am able to
> generate keys on my hardware.
>
> If I find more things I will let you know.
> Gilad
>
> -----Original Message-----
> From: Afchine Madjlessi [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, June 11, 2003 4:18 PM
> To: Gilad Finkelstein
> Subject: Re: pkcs#11 engine for openssl newbie question
>
> By default the pkcs#11 engine looks for the bull hardware crypto.
> For your purpose you have to undef BULL_CC2000 and in the hw_pkcs11.c
> (in crypto/engine directory) and recompile.
> Then your pkcs#11 api library must be called libpkcs11.so on linux or
> pkcs11.dll on win32.
> Good luck
> Afchine
>
> ----- Original Message -----
> From: "Gilad Finkelstein" <[EMAIL PROTECTED]>
> To: "'Afchine Madjlessi'" <[EMAIL PROTECTED]>
> Sent: Wednesday, June 11, 2003 4:57 PM
> Subject: RE: pkcs#11 engine for openssl newbie question
>
> > Thanks for your reply,
> > I tried the script and got signal 11 on every attempt.
> > Is the engine looking for a certain pkcs#11 library name (e.g. pkcs11.so ||
> > pkcs11.dll)?
> > I use cygwin on windows2000 with a xxxx.dll for pkcs#11 interface to my
> > smart card.
> >
> > Gilad
> >
> > -----Original Message-----
> > From: Afchine Madjlessi [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, June 11, 2003 3:37 PM
> > To: Gilad Finkelstein
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: pkcs#11 engine for openssl newbie question
> >
> > Hi,
> > I used the joined shell to generate key pair on my crypto hardware, a CSR,
> > and make a self-signed certificate.
> > Regards
> > Afchine Madjlessi
> >
> > ----- Original Message -----
> > From: "Gilad Finkelstein" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Wednesday, June 11, 2003 4:21 PM
> > Subject: pkcs#11 engine for openssl newbie question
> >
> > > Hi,
> > > I address you as a last resort since I can not find any answers in openssl
> > > groups/web on how to use engines in general and pkcs#11 interface in
> > > particular.
> > > Can you please direct me to a decent place where I can see how to use your
> > > generic pkcs#11 openssl engine.
> > > Can a simple test be run via openssl util? how? any other test that for
> > > example generates RSA key on my smart card?
> > > I was able to compile openssl 0.97 with your patch but I am not sure what
> > > should I do next (I compiled both on Linux and on Windows using cygwin)
> > > If I am able to use openssl over my hardware PKCS#11 token I intend to write
> > > a FAQ on how to achieve that (if that was not written already somewhere)
> > >
> > > Thanks
> > > Gilad Finkelstein
> > >
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
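
Point 1 in Gilad's June 15 message (a library whose function list is packed to 1 byte, called by code built with a different packing) is shown below as an added example; it is not code from this thread or from the engine. The struct names, helper functions and slot values are constructed stand-ins for the head of CK_FUNCTION_LIST (a 2-byte version followed by function pointers).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the head of CK_FUNCTION_LIST: a 2-byte version
 * followed by function pointers. uintptr_t slots hold made-up addresses. */
#define NSLOTS 3

#pragma pack(push, 1)
struct flist_pack1 { unsigned char major, minor; uintptr_t fn[NSLOTS]; };
#pragma pack(pop)

/* Same declaration compiled with the compiler's default packing. */
struct flist_default { unsigned char major, minor; uintptr_t fn[NSLOTS]; };

/* Byte offset of slot i as each side of the ABI computes it. */
size_t slot_off_pack1(size_t i) {
    return offsetof(struct flist_pack1, fn) + i * sizeof(uintptr_t);
}
size_t slot_off_default(size_t i) {
    return offsetof(struct flist_default, fn) + i * sizeof(uintptr_t);
}

/* What the library hands back: a table laid out with pack(1). */
void build_library_table(unsigned char *blob) {
    struct flist_pack1 t = { 2, 11, { 0x1111, 0x2222, 0x3333 } };
    memcpy(blob, &t, sizeof t);
}

/* What a caller fetches when it trusts the given slot offset. */
uintptr_t fetch_slot(const unsigned char *blob, size_t off) {
    uintptr_t p;
    memcpy(&p, blob + off, sizeof p);
    return p;
}

int main(void) {
    unsigned char blob[sizeof(struct flist_default) + sizeof(uintptr_t)] = {0};
    build_library_table(blob);
    for (size_t i = 0; i < NSLOTS; i++)
        printf("slot %zu: pack(1) caller -> %#lx, default-packed caller -> %#lx\n",
               i, (unsigned long)fetch_slot(blob, slot_off_pack1(i)),
               (unsigned long)fetch_slot(blob, slot_off_default(i)));
    return 0;
}
```

A caller built with default packing reads every slot at the wrong offset, so the value it would jump to is assembled from parts of neighbouring entries rather than the address the library stored.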
