On Thu, Dec 10, 2015, Blumenthal, Uri - 0553 - MITLL wrote:

> Much better now - but at this time I hit "unsupported algorithm". The key
> in question is RSA-2048, with SHA256.
>
> $ LOAD_CERT_CTRL=true VERBOSE=7 openssl pkeyutl -engine pkcs11 -sign
> -keyform engine -inkey
> "pkcs11:object=SIGN%20key;object-type=private;pin-value=123456" -out
> config.status.sig -in config.status.hash
> engine "pkcs11" set.
> Error initializing context
> 140735296230224:error:260C0065:engine
> routines:ENGINE_get_pkey_meth:unimplemented public key
> method:tb_pkmeth.c:128:
> 140735296230224:error:0609D09C:digital envelope
> routines:INT_CTX_NEW:unsupported algorithm:pmeth_lib.c:164:

The reason for that is because the -engine option sets the ENGINE to use for
everything and the PKCS#11 ENGINE doesn't support that public key method.

What we need is a way to load the private key from an ENGINE but not attempt
to use that for the actual operations. Temporary fix is to set the second
argument in EVP_PKEY_CTX_new to NULL in pkeyutl.c.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev