[openssl-dev] openssl pkeyutl unable to use keys on a PKCS11 token?

Paweł Witas pw178860 at gmail.com
Thu Dec 10 07:54:20 UTC 2015 

C:\Libs\openssl\bin>pkcs11-tool.exe --module enigmap11.dll --login
--login-type user --type privkey -O
Using slot 0 with a present token (0x0)
Logging in to "ENCARD Token kwalifikowany".
Please enter User PIN: Private Key Object; RSA
  label:
  ID:         d7f4b99792cc4dd708e408d3eb91b566e0a06c02
  Usage:      decrypt, sign

C:\Libs\openssl\bin>openssl req -engine pkcs11 -new -key
slot_0-id_d7f4b99792cc4dd708e408d3eb91b566e0a06c02 -keyform engine -x509
-out req.pem -text -days 365 -subj
"/C=PL/ST=woj./L=miejscowosc/O=firma/OU=dzial/CN=nazwisko/emailAddress=
ktos at domena.pl"
engine "pkcs11" set.
PKCS#11 token PIN:
Loading 'screen' into random state - done

C:\Libs\openssl\bin>openssl x509 -engine pkcs11 -signkey slot_0-id_
-keyform engine -in req.pem -out test.pem
engine "pkcs11" set.
Loading 'screen' into random state - done
Getting Private key
PKCS#11 token PIN:

C:\Libs\openssl\bin>type test.pem
-----BEGIN CERTIFICATE-----
MIIC2DCCAkGgAwIBAgIJAL/pU6nbSHVMMA0GCSqGSIb3DQEBCwUAMIGEMQswCQYD
VQQGEwJQTDENMAsGA1UECAwEd29qLjEUMBIGA1UEBwwLbWllanNjb3dvc2MxDjAM
BgNVBAoMBWZpcm1hMQ4wDAYDVQQLDAVkemlhbDERMA8GA1UEAwwIbmF6d2lza28x
HTAbBgkqhkiG9w0BCQEWDmt0b3NAZG9tZW5hLnBsMB4XDTE1MTIxMDA3NDkxMVoX
DTE2MDEwOTA3NDkxMVowgYQxCzAJBgNVBAYTAlBMMQ0wCwYDVQQIDAR3b2ouMRQw
EgYDVQQHDAttaWVqc2Nvd29zYzEOMAwGA1UECgwFZmlybWExDjAMBgNVBAsMBWR6
aWFsMREwDwYDVQQDDAhuYXp3aXNrbzEdMBsGCSqGSIb3DQEJARYOa3Rvc0Bkb21l
bmEucGwwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKdYUM4S5DViugWYLu15
Ch3E/Z8DTbj6f+U78RTgmgTgaZuoezRkDubkT/0B++Xig+UEkijDEJov4vJxpJWs
Dz0zs6Z1Re1wrzuUw4rd4eu6PvNHTEmqbTxhmm0xlHfzSVPzp1vFnwJaRNzHiZQl
8FmYWzqiYq6py1giYB/dpjYLAgMBAAGjUDBOMB0GA1UdDgQWBBTX9LmXksxN1wjk
CNPrkbVm4KBsAjAfBgNVHSMEGDAWgBTX9LmXksxN1wjkCNPrkbVm4KBsAjAMBgNV
HRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBAC48XmI9bYJcH8uyO4CB3+zIw+iq
wRfJRO779Uqkn1MyiGBLawrCtnWtIqerYHqmwnglMY1rHqU67RlAAo7NojFZtyUQ
3O/0T3nQzsmLXozBw3XzLlSi+fHQ/9eQ6cxFkRXSJNK2nOFlxy6fcuGYxuWuthjF
W0aq8L5+6DemsZDd
-----END CERTIFICATE-----

C:\Libs\openssl\bin>type req.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            bf:e9:53:a9:db:48:75:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=PL, ST=woj., L=miejscowosc, O=firma, OU=dzial,
CN=nazwisko/emailAddress=ktos at dome
        Validity
            Not Before: Dec 10 07:49:05 2015 GMT
            Not After : Dec  9 07:49:05 2016 GMT
        Subject: C=PL, ST=woj., L=miejscowosc, O=firma, OU=dzial,
CN=nazwisko/emailAddress=ktos at dom
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:a7:58:50:ce:12:e4:35:62:ba:05:98:2e:ed:79:
                    0a:1d:c4:fd:9f:03:4d:b8:fa:7f:e5:3b:f1:14:e0:
                    9a:04:e0:69:9b:a8:7b:34:64:0e:e6:e4:4f:fd:01:
                    fb:e5:e2:83:e5:04:92:28:c3:10:9a:2f:e2:f2:71:
                    a4:95:ac:0f:3d:33:b3:a6:75:45:ed:70:af:3b:94:
                    c3:8a:dd:e1:eb:ba:3e:f3:47:4c:49:aa:6d:3c:61:
                    9a:6d:31:94:77:f3:49:53:f3:a7:5b:c5:9f:02:5a:
                    44:dc:c7:89:94:25:f0:59:98:5b:3a:a2:62:ae:a9:
                    cb:58:22:60:1f:dd:a6:36:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:F4:B9:97:92:CC:4D:D7:08:E4:08:D3:EB:91:B5:66:E0:A0:6C:02
            X509v3 Authority Key Identifier:

keyid:D7:F4:B9:97:92:CC:4D:D7:08:E4:08:D3:EB:91:B5:66:E0:A0:6C:02

            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
         6c:98:76:ab:1e:f4:98:b7:25:06:e1:13:c5:d7:48:f0:b0:b1:
         97:56:ee:d4:ef:5d:30:aa:e3:de:83:75:09:39:31:41:22:2f:
         0a:f2:6e:48:10:c0:b9:bf:07:92:0f:02:ce:6a:67:fe:92:7d:
         9f:61:de:84:57:80:c0:84:d4:56:23:d9:5c:ea:88:4c:50:65:
         03:14:9b:8e:d4:3e:34:75:a9:53:b9:0d:f1:6c:47:65:fc:7e:
         7c:e1:eb:55:4a:97:d0:f5:e2:ad:cd:a5:0d:6a:50:f1:41:85:
         bb:a0:31:5b:61:40:0c:14:b7:f8:98:f0:80:7e:1a:d6:b4:58:
         22:cd
-----BEGIN CERTIFICATE-----
MIIC2DCCAkGgAwIBAgIJAL/pU6nbSHVMMA0GCSqGSIb3DQEBCwUAMIGEMQswCQYD
VQQGEwJQTDENMAsGA1UECAwEd29qLjEUMBIGA1UEBwwLbWllanNjb3dvc2MxDjAM
BgNVBAoMBWZpcm1hMQ4wDAYDVQQLDAVkemlhbDERMA8GA1UEAwwIbmF6d2lza28x
HTAbBgkqhkiG9w0BCQEWDmt0b3NAZG9tZW5hLnBsMB4XDTE1MTIxMDA3NDkwNVoX
DTE2MTIwOTA3NDkwNVowgYQxCzAJBgNVBAYTAlBMMQ0wCwYDVQQIDAR3b2ouMRQw
EgYDVQQHDAttaWVqc2Nvd29zYzEOMAwGA1UECgwFZmlybWExDjAMBgNVBAsMBWR6
aWFsMREwDwYDVQQDDAhuYXp3aXNrbzEdMBsGCSqGSIb3DQEJARYOa3Rvc0Bkb21l
bmEucGwwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKdYUM4S5DViugWYLu15
Ch3E/Z8DTbj6f+U78RTgmgTgaZuoezRkDubkT/0B++Xig+UEkijDEJov4vJxpJWs
Dz0zs6Z1Re1wrzuUw4rd4eu6PvNHTEmqbTxhmm0xlHfzSVPzp1vFnwJaRNzHiZQl
8FmYWzqiYq6py1giYB/dpjYLAgMBAAGjUDBOMB0GA1UdDgQWBBTX9LmXksxN1wjk
CNPrkbVm4KBsAjAfBgNVHSMEGDAWgBTX9LmXksxN1wjkCNPrkbVm4KBsAjAMBgNV
HRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBAGyYdqse9Ji3JQbhE8XXSPCwsZdW
7tTvXTCq496DdQk5MUEiLwrybkgQwLm/B5IPAs5qZ/6SfZ9h3oRXgMCE1FYj2Vzq
iExQZQMUm47UPjR1qVO5DfFsR2X8fnzh61VKl9D14q3NpQ1qUPFBhbugMVthQAwU
t/iY8IB+Gta0WCLN
-----END CERTIFICATE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20151210/65caaa14/attachment.html>

More information about the openssl-dev mailing list