Re: Error with "dgst -sign"

Mon, 28 Jun 2010 09:40:10 -0700 

It's a custom engine.
load privkey is the pointer to function used as argument in the call:
ENGINE_set_load_privkey_function (e, load_private_key);
This function is called when OpenSSL try to get the command line "key"
argument.
In that function I assign the RSA private key (get it from hardware, only
modulus and public exponent) to the EVP with:
EVP_PKEY_assign_RSA (pk, rsa);
where pk is EVP_PKEY *pk; and rsa is RSA *rsa;
Everything goes well until the load_private_key function ends and returns
the EVP_PKEY. When that call ends, OpenSSL throws the error I said before.

2010/6/28 Dr. Stephen Henson <st...@openssl.org>

> On Mon, Jun 28, 2010, Nacho lvarez wrote:
>
> > I think I wrote this mail in a wrong way so I post it again:
> >
> > Hello, when I run:
> >
> > openssl dgst -sha1 -sign <id_of_private_key> -keyform engine -out
> > <file> -engine <id-engine> <file-with-data>
> >
> > In OpenSSL 0.9.8 when the load privkey function ends, OpenSSL is
> > waiting and do nothing (doesn't invoke rsa_sign), it doesn't do
> > anything more.
> > In openSSL 1.0.0a when the load privkey function ends, OpenSSL throws
> > the next error:
> >
> > Error setting context
> > 3916:error:260C0065:engine routines:ENGINE_get_pkey_meth:unimplemented
> > public key method:.\crypto\engine\tb_pkmeth.c:127:
> > 3916:error:0609D09C:digital envelope routines:INT_CTX_NEW:unsupported
> > algorithm:.\crypto\evp\pmeth_lib.c:161:
> > error in dgst
> >
> > Do I have to do something further define rsa sign function and link it
> > in the RSA_METHOD?.
> > Thanks again.
>
> Is this a custom ENGINE or a standard one?
>
> Which "load privkey" function do you mean? The one in the ENGINE? Are you
> assigning the key to an EVP_PKEY correctly? You *must* use
> EVP_PKEY_assign_RSA() or similar in 1.0.0 as other structures get
> initialised
> at the same time.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
>

Reply via email to