On 26/04/2016 10:08, Johannes Rath wrote: > > Hi all, > > I am trying to create a digest using a key stored on a smart card, but > it fails: > > jor at jorVirtualUbuntu1404:/mnt/Projects/TestOpenSC$ openssl dgst > -engine pkcs11 -sign 45 -keyform engine -passin pass:1234 -out > test.sig test.txt > > engine "pkcs11" set. > > Error setting context > > 140074800309920:error:260C0065:engine > routines:ENGINE_get_pkey_meth:unimplemented public key > method:tb_pkmeth.c:127: > > 140074800309920:error:0609D09C:digital envelope > routines:INT_CTX_NEW:unsupported algorithm:pmeth_lib.c:164: > > jor at jorVirtualUbuntu1404:/mnt/Projects/TestOpenSC$ openssl version -a > > OpenSSL 1.0.1f 6 Jan 2014 > > built on: Mon Feb 29 18:11:15 UTC 2016 > > platform: debian-amd64 > > options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx) > > compiler: cc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT > -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 > -fstack-protector --param=ssp-buffer-size=4 -Wformat > -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions > -Wl,-z,relro -Wa,--noexecstack -Wall -DMD32_REG_T=int > -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 > -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM > -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM > > OPENSSLDIR: "/usr/lib/ssl" > > Any ideas? > You have not specified the digest algorithm to sign, so the dgst command defaults to the outdated MD5 algorithm, which your smartcard probably refuses to use. I am assuming that this 1.0.1f is from an Ubuntu package with all the later security fixes merged back in, similar to the 1.0.1e package in Debian Wheezy. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded
