I'm trying to generate a PKCS#10 CSR using an Aladdin eToken Pro 64k with a 2048 bit key.
I'm using Windows Vista 32bit, with the Aladdin PKI Client drivers v5.1, OpenSC 0.12.0, and Win32 OpenSSL 1.0.0d.

I can generate the CSR with a 1024 bit key generated on board with no problems. When I use a 2048 bit key, I get this error:

    7640:error:0D0C3006:asn1 encoding routines:ASN1_item_sign:EVP lib:.\crypto\asn1\a_sign.c:279:
    error in req

There are no other error messages shown, and no output file is generated.

The OpenSSL commands I'm using are:

    engine dynamic -pre SO_PATH:C:\WINDOWS\SYSTEM32\engine_pkcs11.dll -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:C:\WINDOWS\SYSTEM32\opensc-pkcs11.dll
    req -engine pkcs11 -new -key slot_1-id_<40HexDigits> -keyform engine -out csr.pem -text

The only change between the commands for the 1024 and 2048 bit keys is using a different key id.

To see if it made a difference, I tried a cygwin build of OpenSSL and engine_pkcs11.dll, as follows:

    engine dynamic -pre SO_PATH:/usr/lib/engines/engine_pkcs11.dll -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:C:\\WINDOWS\\SYSTEM32\\opensc-pkcs11.dll
    req -engine pkcs11 -new -key slot_1-id_<40HexDigits> -keyform engine -out csr.pem -text

I got the same error, just a different line number:

    7128:error:0D0C3006:asn1 encoding routines:ASN1_item_sign:EVP lib:a_sign.c:281:
    error in req

I've seen a couple of reports from people having problems with longer keys on USB tokens before, was there any resolution of those? (There was a suggestion it might be something to do with padding.)

I'd be grateful for any ideas.

Thanks!

- Craig.