[openssl-users] openssl ca pkcs11 UI_set_result_ex:result too large:crypto/ui/ui_lib.c:910:You must type in 4 to 32 characters
Peter Magnusson
blaufish.public.email at gmail.com
Mon Oct 15 15:40:10 UTC 2018
Hi,
I'm trying to understand how to make "openssl ca" prompt for a PKCS#11
login pin. Version is openssl-1.1.1.
openssl req works as I would expect, prompting for PIN:
YUBIHSM_PKCS11_CONF=yubihsm2-pkcs11.conf \
local-build/bin/openssl \
req -config yubihsm2-openssl.conf -new \
-engine pkcs11 -keyform engine -key slot_0-label_ca_key \
-out certs.dir/ca.csr.pem
engine "pkcs11" set.
Enter PKCS#11 token PIN for YubiHSM:
I fail to get openssl ca working: no prompt is presented. I tried adding
-passin stdin, but that has no effect.
YUBIHSM_PKCS11_CONF=yubihsm2-pkcs11.conf \
local-build/bin/openssl ca -passin stdin -engine pkcs11 -keyform engine \
-key "pkcs11:token=YubiHSM;object=ca_key;type=private" \
-config yubihsm2-openssl.conf \
-days 3650 -extensions vpn_server_cert \
-out server.cert.pem \
-infiles ../server/certs.dir/server.csr.pem
engine "pkcs11" set.
Using configuration from yubihsm2-openssl.conf
Login failed
Login to token failed, returning NULL...
PKCS11_get_private_key returned NULL
cannot load CA private key from engine
140735853761408:error:28078064:UI routines:UI_set_result_ex:result too large:crypto/ui/ui_lib.c:910:You must type in 4 to 32 characters
140735853761408:error:82074007:PKCS#11 module:pkcs11_login:Invalid arguments:p11_slot.c:240:
140735853761408:error:26096080:engine routines:ENGINE_load_private_key:failed loading private key:crypto/engine/eng_pkey.c:78:
unable to load CA private key
Best Regards
//P