Using engine to create a digest fails

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 26/04/2016 10:08, Johannes Rath wrote:
>
> Hi all,
>
> I am trying to create a digest using a key stored on a smart card, but 
> it fails:
>
> jor at jorVirtualUbuntu1404:/mnt/Projects/TestOpenSC$ openssl dgst 
> -engine pkcs11  -sign 45 -keyform engine -passin pass:1234 -out 
> test.sig test.txt
>
> engine "pkcs11" set.
>
> Error setting context
>
> 140074800309920:error:260C0065:engine 
> routines:ENGINE_get_pkey_meth:unimplemented public key 
> method:tb_pkmeth.c:127:
>
> 140074800309920:error:0609D09C:digital envelope 
> routines:INT_CTX_NEW:unsupported algorithm:pmeth_lib.c:164:
>
> jor at jorVirtualUbuntu1404:/mnt/Projects/TestOpenSC$ openssl version  -a
>
> OpenSSL 1.0.1f 6 Jan 2014
>
> built on: Mon Feb 29 18:11:15 UTC 2016
>
> platform: debian-amd64
>
> options:  bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
>
> compiler: cc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT 
> -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 
> -fstack-protector --param=ssp-buffer-size=4 -Wformat 
> -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions 
> -Wl,-z,relro -Wa,--noexecstack -Wall -DMD32_REG_T=int 
> -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
> -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM 
> -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
>
> OPENSSLDIR: "/usr/lib/ssl"
>
> Any ideas?
>
You have not specified the digest algorithm to sign, so the dgst
command defaults to the outdated MD5 algorithm, which your
smartcard probably refuses to use.

I am assuming that this 1.0.1f is from an Ubuntu package with all
the later security fixes merged back in, similar to the 1.0.1e
package in Debian Wheezy.

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 S?borg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux