Loading pkcs11 engine opensc without using command line

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello, 

I want to write a program in which I can load a certificate from a smartcard instead of having it in a file on the client machine. In order to do so I will be using the opensc's engine_pkcs11 module. The module works fine using the shell but I want to implement it as an independent program. For example if I use the rsautl module then I can provide the inkey option and keyform option to use the private key from the smartcard. Look at the snippet below:
openssl rsautl -sign -in file -keyform engine -engine pkcs11 -inkey slot_1-id_54a4c9bdaf3ff82b3367b586a6658c23 -out sig
In order to do so I have to load the engine first. I do that as follows:

??? openssl engine dynamic -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:opensc-pkcs11.so

which yields the result:


??? (dynamic) Dynamic engine loading support
??? [Success]: SO_PATH:/usr/lib/engines/engine_pkcs11.so
??? [Success]: ID:pkcs11
??? [Success]: LIST_ADD:1
??? [Success]: LOAD
??? [Success]: MODULE_PATH:opensc-pkcs11.so
??? Loaded: (pkcs11) pkcs11 engine


I want to do the same using C code in an independent program so that I can use the:


??? static X509 *pkcs11_load_cert(ENGINE * e, const char *s_slot_cert_id)
function to get the certificate from the smart card.

So I tried to debug engine.c using ddd debugger to understand exactly which part of the code was required to just load the engine. In the same program I want to use the opensc function to load certificate directly from the smartcard and then use it in further server client communication.

Thanks in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150716/6d15fc48/attachment.html>


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux