On Mon, 2016-03-14 at 19:27 +0000, Blumenthal, Uri - 0553 - MITLL wrote:
> $ openssl cms -engine pkcs11 -aes256 -encrypt -binary -in data.txt
> -outform engine "pkcs11:object=KEY%20MAN%20pubkey;object-type=public"

That isn't what -outform does. It controls the output format of the encrypted result:

$ openssl cms -aes256 -encrypt -binary -in data.txt -outform PEM cert.pem
-----BEGIN CMS-----
MIICIgYJKoZIhvcNAQcDoIICEzCCAg8CAQAxggHKMIIBxgIBADCBrTCBpzELMAkG
...

There is no option which makes it obtain the *certificate* (to which it is encrypting the CMS message) from an engine. There isn't even a standard way for an engine to provide such functionality — the PKCS#11 engine currently exposes it only with a custom "LOAD_CERT_CTRL" command.

This is just one of many reasons why libp11/engine_pkcs11 needs to die as a separate project, and we need to incorporate proper PKCS#11 support into OpenSSL natively.

--
David Woodhouse                            Open Source Technology Centre
david.woodho...@intel.com                              Intel Corporation

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
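
Added example, not part of the original message: the script below shows the behaviour of -outform described in the reply by encrypting one file to the same recipient certificate twice, once as PEM and once as DER, with the certificate supplied as the trailing file argument. The function name, the subject CN=cms-demo, the file names and the throwaway self-signed certificate are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original message. All names below
# (demo_outform, CN=cms-demo, the file names) are constructed.

demo_outform() {
    dir=$(mktemp -d) || return 1

    # Throwaway recipient key and self-signed certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=cms-demo" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null || return 1
    printf 'constructed sample plaintext\n' > "$dir/data.txt"

    # Same input and recipient; only -outform differs. The recipient
    # certificate is the trailing file argument in both cases.
    for fmt in PEM DER; do
        openssl cms -encrypt -aes256 -binary -in "$dir/data.txt" \
            -outform "$fmt" -out "$dir/msg.$fmt" "$dir/cert.pem" || return 1
    done

    # PEM is armoured text; DER starts with the ASN.1 SEQUENCE tag 0x30.
    pem_head=$(head -n 1 "$dir/msg.PEM")
    der_head=$(od -An -tx1 -N1 "$dir/msg.DER" | tr -d ' \n')

    # Either encoding decrypts to the same plaintext with the private key.
    same=yes
    for fmt in PEM DER; do
        openssl cms -decrypt -binary -inform "$fmt" -in "$dir/msg.$fmt" \
            -recip "$dir/cert.pem" -inkey "$dir/key.pem" -out "$dir/out.$fmt" \
            || same=no
        cmp -s "$dir/data.txt" "$dir/out.$fmt" || same=no
    done

    rm -rf "$dir"
    printf '%s|%s|%s\n' "$pem_head" "$der_head" "$same"
}

demo_outform
```

The function prints the first line of the PEM output, the first byte of the DER output in hex, and whether both files decrypted back to the original plaintext.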