Re: How to access keys on HW tokens via PKCS11 Provider?

Dear Uri,

On Tue, Feb 7, 2023 at 8:19 PM Blumenthal, Uri - 0553 - MITLL
<uri@xxxxxxxxxx> wrote:
>
> On 2/7/23, 13:52, "Richard Levitte" <levitte@xxxxxxxxxxx> wrote:
> > On Tue, 07 Feb 2023 04:23:01 +0100, Blumenthal, Uri - 0553 - MITLL wrote:
> >
> > > Here’s what I have in “openssl.cnf” (relevant excerpt):
> >
> > In the [pkcs11_sect], there's this suspicious line:
> >
> > > pkcs11-module-allow-export
> >
> > That might cause the configuration parsing to fail.  Unfortunately,
> > the errors are silenced.
>
> Alas, removing that line seemed to have no effect, similar to an attempt to use other ways of identifying the key:
>
> Decrypt CMS message in file /tmp/derive.1143.text.cms...
> openssl cms -decrypt -aes256 -binary -inform PEM -in /tmp/derive.1143.text.cms -out /tmp/derive.1143.text.dec -inkey "pkcs11:id=%03;object-type=private"
> Could not open file or uri for loading signing key from pkcs11:id=%03;object-type=private
> 40F6064DF87F0000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:crypto/store/store_register.c:237:scheme=file
> 40F6064DF87F0000:error:80000002:system library:file_open:No such file or directory:providers/implementations/storemgmt/file_store.c:267:calling stat(pkcs11:id=%03;object-type=private)
> 40F6064DF87F0000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:crypto/store/store_register.c:237:scheme=pkcs11
> 40F6064DF87F0000:error:1608010C:STORE routines:inner_loader_fetch:unsupported:crypto/store/store_meth.c:383:No store loader found. For standard store loaders you need at least one of the default or base providers available. Did you forget to load them? Info: Global default library context, Scheme (pkcs11 : 0), Properties (<null>)
>
> FAILED to create decrypted file /tmp/derive.1143.text.dec
>
> There is a disconnect between what OpenSSL (or this provider) expects, and what it finds in the URI.

What is the OpenSSL version you use? There were some fixes after 3.0.7
related to some problems found by PKCS#11 provider authors.


-- 
SY, Dmitry Belyavsky
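
An added example, not part of the original message or of OpenSSL: a small parser for the error-queue lines quoted above that reports which URI scheme had no store loader available. The function names are hypothetical, and the sample input is three lines copied from the quoted output.

```python
import re

# Three of the error lines quoted in the message above, used as sample input.
SAMPLE = """\
40F6064DF87F0000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:crypto/store/store_register.c:237:scheme=pkcs11
40F6064DF87F0000:error:80000002:system library:file_open:No such file or directory:providers/implementations/storemgmt/file_store.c:267:calling stat(pkcs11:id=%03;object-type=private)
40F6064DF87F0000:error:1608010C:STORE routines:inner_loader_fetch:unsupported:crypto/store/store_meth.c:383:No store loader found. For standard store loaders you need at least one of the default or base providers available. Did you forget to load them? Info: Global default library context, Scheme (pkcs11 : 0), Properties (<null>)
"""

FIELDS = ("thread", "code", "lib", "func", "reason", "file", "line", "data")


def parse_error_queue(text):
    """Split '<tid>:error:<code>:<lib>:<func>:<reason>:<file>:<line>:<data>' lines."""
    records = []
    for raw in text.splitlines():
        parts = raw.strip().split(":", 8)   # the data field may itself contain ':'
        if len(parts) < 8 or parts[1] != "error":
            continue                          # not an error-queue line
        parts.pop(1)                          # drop the literal "error" marker
        parts += [""] * (8 - len(parts))      # the data field is optional
        records.append(dict(zip(FIELDS, parts)))
    return records


def schemes_without_loader(records):
    """Schemes named in inner_loader_fetch 'unsupported' records, in order seen."""
    found = []
    for r in records:
        if r["func"] == "inner_loader_fetch" and r["reason"] == "unsupported":
            m = re.search(r"Scheme \(([^ )]+) : \d+\)", r["data"])
            if m and m.group(1) not in found:
                found.append(m.group(1))
    return found


if __name__ == "__main__":
    for scheme in schemes_without_loader(parse_error_queue(SAMPLE)):
        print(f"no store loader found for scheme '{scheme}' in this library context")
```

Comparing the result with the output of `openssl list -providers` and `openssl list -store-loaders` on the same machine shows whether the configuration actually loaded the PKCS#11 provider.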