Hi Oliver,
We effectively have to enter the passphrase under "PKI Operation – Manage Secrets" before importing the key and its certificate with "openxpkiadm".

Thanks a lot for your help!

Best regards,
Thierry

From: Oliver Welter <[email protected]>
Sent: Monday, 9 August 2021 13:25
To: [email protected]
Subject: Re: [OpenXPKI-users] Crypto layer problem

Hi Thierry,

did you unlock the secret under "PKI Operation - Manage Secrets"? Even if it's not required at this stage, it seems as if the crypto layer tries to init the token and looks for its password.

Oliver

On 09.08.21 at 12:00, [email protected] wrote:

Hello,

I try to configure openxpki to use the "plain" method on the datasafe token but I have the following error:

2021/08/09 10:40:53 I18N_OPENXPKI_CRYPTO_OPENSSL_ENGINE_GET_PASSWD_UNDEF
Error running command: I18N_OPENXPKI_CRYPTO_OPENSSL_ENGINE_GET_PASSWD_UNDEF at /usr/share/perl5/OpenXPKI/Client/Simple.pm line 461.

When I execute the following command:

openxpkiadm alias --file /home/tna/DataVault-1.crt --realm SCLEWebServer --token datasafe --key /home/tna/DataVault-1.key

My configuration is the following:

-----------------------------------------------------------------------------------------
Crypto.yaml:

type:
  certsign: ca-signer-ws
  datasafe: vault-ws

token:
  default:
    backend: OpenXPKI::Crypto::Backend::OpenSSL
    key: /etc/openxpki/local/keys/[% PKI_REALM %]/[% ALIAS %].pem
    engine: OpenSSL
    engine_section: ''
    engine_usage: ''
    key_store: OPENXPKI
    shell: /usr/bin/openssl
    wrapper: ''
    randfile: /var/openxpki/rand
    secret: default

  ca-signer-ws:
    inherit: default
    key_store: DATAPOOL
    key: "[% ALIAS %]"

  vault-ws:
    inherit: default
    key: /etc/openxpki/local/keys/[% ALIAS %].pem
    secret: dataprotect

# Define the secret groups
secret:
  default:
    import: 1
  dataprotect:
    label: Database protection key
    export: 0
    method: plain
    cache: daemon
-----------------------------------------------------------------------------------------

If I try with the "literal" method and the value associated for the password, it works perfectly.

I haven't tried yet to import the ca signer token but I think it will be the same problem…

Could you help me to solve this problem?

Best regards,
Thierry

_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users

--
Protect your environment - close windows and adopt a penguin!
