On 3/14/16, 17:33, "David Woodhouse" <dw...@infradead.org> wrote:
>On Mon, 2016-03-14 at 21:28 +0000, Blumenthal, Uri - 0553 - MITLL wrote:
>> You are right - the command line was wrong. Here’s the correct line, which
>> should work, but doesn’t:
>>
>> $ openssl cms -engine pkcs11 -aes256 -encrypt -in data.txt -binary
>> -outform PEM -out data.txt.enc
>> "pkcs11:object=Certificate%20for%20Key%20Management;object-type=cert"
>
>Yeah, that won't work either.

Yep…

>Perhaps you need the "-certform engine" option.
>
>Which doesn't exist. :)

I’d personally prefer the cms app to have internal logic “if -engine is specified and the cert name starts with ‘pkcs11:’ then load it via engine”.

It’s been suggested in another forum that perhaps openssl should automatically load the appropriate engine if the resource (key || pubkey || cert) is specified via URI that starts with the engine name (like “pkcs11:”).

Does it mean I need to come up with a PR? :-)

>(My mailer doesn't seem to trust your signing cert, btw. Should you be
>including an intermediate certificate in your messages? For that
>matter, should I? :)

Yours appear OK. Perhaps because I know StartCom. ;) I’ll send you mine.
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev