That is not it. It results in the same error for the EC key.
It is not the URL or the ID. Because for a RSA key in the softhsm with id = 3333, it works fine with url containing id=%33%33
$ openssl pkey -in "pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6a160d52b750862f;token=token%202.5.0-rc1;id=%33%33;object=rsa%20key;type=private" -engine pkcs11 -inform ENGINE
engine "pkcs11" set.
Enter PKCS#11 token PIN for token 2.5.0-rc1:
-----BEGIN PRIVATE KEY-----
MIIBJwIBADANBgkqhkiG9w0BAQEFAASCAREwggENAgEAAoIBAQDD3378F1XbXJvP
WP2GtZry0u6sL3eNYktQwJfhDMz5evDG+PahVjCMszV5CZvG+Kvap40xPBJoonqi
oMAQsoLu7/fTx82aEL3TbdjXNLFnQ2KKYmfG9ymx80sLHMmdmDXpNNE+bEKJz1dp
t1Q0cVduwmqSfB8JyIE6Udz7JX7HCXaVmxoK7z4Njh3dyHsqhdqKIx0dBuK0hCaq
4zPzGP/sORA3G9ZPxxpEvF3gvE/zsXj7ifihqbqr2eIFOpB/lQqAehsgQT5/6Iq+
9pAX2LCxNkaUHYYZpMkM8Oi37jzg8PX/FnHdm9HQU2IBqYhoqo7/VsNdUDln2QHN
dGAUprcbAgMBAAE=
-----END PRIVATE KEY-----
Coming back to EC key, looking at the error logs emitted, it does seem to recognize it to be EC (the logs contain EC_routines) somehow but then fails.
On 9/17/18, 2:22 PM, "openssl-users on behalf of Richard Levitte" <openssl-users-bounces@xxxxxxxxxxx on behalf of
levitte@xxxxxxxxxxx> wrote:
In message <4AC69FC3-BEC7-46F6-882A-671196FC0156@xxxxxxxxxxx> on Mon, 17 Sep 2018 20:59:59 +0000, "Paras Shah (parashah)"
<parashah@xxxxxxxxx> said:
> 4. Import the key into softhsm
>
> []:~$ softhsm2-util --import ~/tmp/secp256k1-key.pem.pkcs8 --label "ec key" --id 1111 --token
> "token 2.5.0-rc1"
Ok, so here, the ID is "1111"
> 5. Get the pkcs11 url for the private key
>
> []:~$ p11tool --login --provider=/usr/local/lib/softhsm/libsofthsm2.so --set-pin=1111 --list-all
>
> Object 0:
>
> URL:
> pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6a160d52b750862f;token=token%202.5.0-rc1;id=%11%11;object=ec%20key;type=private
But here, the ID is "%11%11", and since those get percent decoded,
that's actually two vertical tabs, or with C vector syntax,
{ 0x0b, 0x0b }
I'm not sure what engine-pkcs11 asks of you otherwise, but one guess
could be to change 'id=%11%11' to 'id=1111' in that URL and try again.
Cheers,
Richard
--
Richard Levitte levitte@xxxxxxxxxxx
OpenSSL Project
http://www.openssl.org/~levitte/
--
openssl-users mailing list
To unsubscribe:
https://mta.openssl.org/mailman/listinfo/openssl-users