macOS 10.14.6, Xcode-11.3 (with older Xcode it used to work), p11-kit 0.23.18, OpenSSL-1.1.1d, current master of OpenSC and libp11. Somehow, p11-kit proxy that selects the correct PKCS#11 library to pass the request to, is no longer invoked. Any help is appreciated! $ openssl cms -engine pkcs11 -keyform engine -aes256 -decrypt -binary -inform PEM -in /tmp/derive.95470.text.cms -out /tmp/derive.95470.text.dec -inkey "pkcs11:manufacturer=piv_II;object=KEY%20MAN%20key;object-type=private" engine "pkcs11" set. GOST engine already loaded Unable to load module /opt/local/lib/p11-kit-proxy.dylib GOST engine already loaded Unable to load module /opt/local/lib/p11-kit-proxy.dylib PKCS11_get_private_key returned NULL cannot load signing key file from engine 4458096064:error:260B606D:engine routines:dynamic_load:init failed:crypto/engine/eng_dyn.c:485: 4458096064:error:260BC066:engine routines:int_engine_configure:engine configuration error:crypto/engine/eng_cnf.c:141:section=gost_section, name=dynamic_path, value=/opt/local/lib/engines-1.1/gost.dylib 4458096064:error:0E07606D:configuration file routines:module_run:module initialization error:crypto/conf/conf_mod.c:177:module=engines, value=engine_section, retcode=-1 4458096064:error:83065006:PKCS#11 module:pkcs11_check_token:Function failed:p11_load.c:92: 4458096064:error:26096080:engine routines:ENGINE_load_private_key:failed loading private key:crypto/engine/eng_pkey.c:78: unable to load signing key file $ ll /opt/local/lib/p11-kit-proxy.dylib lrwxr-xr-x 1 root admin 18 Dec 11 13:21 /opt/local/lib/p11-kit-proxy.dylib@ -> libp11-kit.0.dylib $ ll /opt/local/lib/libp11-kit.0.dylib -rwxr-xr-x 1 root admin 1442912 Dec 11 13:23 /opt/local/lib/libp11-kit.0.dylib* $ — Regards, Uri
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
