Hello, I want to write a program in which I can load a certificate from a smartcard instead of having it in a file on the client machine. In order to do so I will be using the opensc's engine_pkcs11 module. The module works fine using the shell but I want to implement it as an independent program. For example if I use the rsautl module then I can provide the inkey option and keyform option to use the private key from the smartcard. Look at the snippet below: openssl rsautl -sign -in file -keyform engine -engine pkcs11 -inkey slot_1-id_54a4c9bdaf3ff82b3367b586a6658c23 -out sig In order to do so I have to load the engine first. I do that as follows: ??? openssl engine dynamic -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:opensc-pkcs11.so which yields the result: ??? (dynamic) Dynamic engine loading support ??? [Success]: SO_PATH:/usr/lib/engines/engine_pkcs11.so ??? [Success]: ID:pkcs11 ??? [Success]: LIST_ADD:1 ??? [Success]: LOAD ??? [Success]: MODULE_PATH:opensc-pkcs11.so ??? Loaded: (pkcs11) pkcs11 engine I want to do the same using C code in an independent program so that I can use the: ??? static X509 *pkcs11_load_cert(ENGINE * e, const char *s_slot_cert_id) function to get the certificate from the smart card. So I tried to debug engine.c using ddd debugger to understand exactly which part of the code was required to just load the engine. In the same program I want to use the opensc function to load certificate directly from the smartcard and then use it in further server client communication. Thanks in advance. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150716/6d15fc48/attachment.html>
