Hi!
I'm trying to get a handle on the CAPI engine, because I need to have a
secure Keystore on Windows. Furthermore I need it to work with Qt's
QSslKey, which fortunately can be constructed by EVP_PKEY *.
So far so good. The key is found, but when I try to use it in a SSL
connection i get following error:
error:80070063:lib(128):CAPI_RSA_SIGN:cant create hash object,
error:1409B006:SSL routines:ssl3_send_server_key_exchange:EVP lib
I use a current Windows 10. Do I need to use a different Algorithm in
order to work? Some googeling is indicating the provider might be wrong.
Regards,
Richard
I juse following code to load the key:
ENGINE *engine = ENGINE_by_id("dynamic");
assert(engine);
ENGINE_ctrl_cmd_string(engine, "SO_PATH", "./capi.dll", 0);
ENGINE_ctrl_cmd_string(engine, "LOAD", NULL, 0);
assert(ENGINE_init(engine));
assert(ENGINE_register_complete(engine));
ERR_load_ENGINE_strings();
assert(ENGINE_cmd_is_executable(engine, CAPI_CMD_DEBUG_LEVEL));
assert(ENGINE_ctrl(engine, CAPI_CMD_DEBUG_LEVEL, 2, nullptr, nullptr));
assert(ENGINE_ctrl(engine, CAPI_CMD_DEBUG_FILE, 0,
(void*)"C:\\Users\\user\\AppData\\Local\\Temp\\engine.txt", 0));
EVP_PKEY *key = ENGINE_load_private_key(engine, "localhost", NULL,
NULL);
if (!key)
{
cerr << "key is null";
return {};
}
QSslKey ssl_key(static_cast<Qt::HANDLE>(key));
Trace Output is:
Setting debug file to C:\Users\user\AppData\Local\Temp\engine.txt
Opening certificate store MY
capi_get_key, contname={4EBA52A8-AB4B-47DB-B777-2B26351F324C},
provname=Microsoft Enhanced Cryptographic Provider v1.0, type=1
Called CAPI_rsa_sign()
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
