[openssl-dev] openssl pkeyutl unable to use keys on a PKCS11 token?

Paweł Witas pw178860 at gmail.com
Thu Dec 10 07:59:06 UTC 2015


Correction: I forgot to paste my token ID.

openssl x509 -engine pkcs11 -signkey slot_0-id_d7f4b99792cc4dd708e408d3eb91b566e0a06c02 -keyform engine -in req.pem -out test.pem

On Thu, Dec 10, 2015 at 8:54 AM, Paweł Witas <pw178860 at gmail.com> wrote:

> C:\Libs\openssl\bin>pkcs11-tool.exe --module enigmap11.dll --login
> --login-type user --type privkey -O
> Using slot 0 with a present token (0x0)
> Logging in to "ENCARD Token kwalifikowany".
> Please enter User PIN: Private Key Object; RSA
>   label:
>   ID:         d7f4b99792cc4dd708e408d3eb91b566e0a06c02
>   Usage:      decrypt, sign
>
> C:\Libs\openssl\bin>openssl req -engine pkcs11 -new -key
> slot_0-id_d7f4b99792cc4dd708e408d3eb91b566e0a06c02 -keyform engine -x509
> -out req.pem -text -days 365 -subj
> "/C=PL/ST=woj./L=miejscowosc/O=firma/OU=dzial/CN=nazwisko/emailAddress=
> ktos at domena.pl"
> engine "pkcs11" set.
> PKCS#11 token PIN:
> Loading 'screen' into random state - done
>
> C:\Libs\openssl\bin>openssl x509 -engine pkcs11 -signkey slot_0-id_
> -keyform engine -in req.pem -out test.pem
> engine "pkcs11" set.
> Loading 'screen' into random state - done
> Getting Private key
> PKCS#11 token PIN:
>
> C:\Libs\openssl\bin>type test.pem
>
> C:\Libs\openssl\bin>type req.pem
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number:
>             bf:e9:53:a9:db:48:75:4c
>     Signature Algorithm: sha256WithRSAEncryption
>         Issuer: C=PL, ST=woj., L=miejscowosc, O=firma, OU=dzial,
> CN=nazwisko/emailAddress=ktos at dome
>         Validity
>             Not Before: Dec 10 07:49:05 2015 GMT
>             Not After : Dec  9 07:49:05 2016 GMT
>         Subject: C=PL, ST=woj., L=miejscowosc, O=firma, OU=dzial,
> CN=nazwisko/emailAddress=ktos at dom
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>                 Public-Key: (1024 bit)
>                 Modulus:
>                     00:a7:58:50:ce:12:e4:35:62:ba:05:98:2e:ed:79:
>                     0a:1d:c4:fd:9f:03:4d:b8:fa:7f:e5:3b:f1:14:e0:
>                     9a:04:e0:69:9b:a8:7b:34:64:0e:e6:e4:4f:fd:01:
>                     fb:e5:e2:83:e5:04:92:28:c3:10:9a:2f:e2:f2:71:
>                     a4:95:ac:0f:3d:33:b3:a6:75:45:ed:70:af:3b:94:
>                     c3:8a:dd:e1:eb:ba:3e:f3:47:4c:49:aa:6d:3c:61:
>                     9a:6d:31:94:77:f3:49:53:f3:a7:5b:c5:9f:02:5a:
>                     44:dc:c7:89:94:25:f0:59:98:5b:3a:a2:62:ae:a9:
>                     cb:58:22:60:1f:dd:a6:36:0b
>                 Exponent: 65537 (0x10001)
>         X509v3 extensions:
>             X509v3 Subject Key Identifier:
>                 D7:F4:B9:97:92:CC:4D:D7:08:E4:08:D3:EB:91:B5:66:E0:A0:6C:02
>             X509v3 Authority Key Identifier:
>
> keyid:D7:F4:B9:97:92:CC:4D:D7:08:E4:08:D3:EB:91:B5:66:E0:A0:6C:02
>
>             X509v3 Basic Constraints:
>                 CA:TRUE
>     Signature Algorithm: sha256WithRSAEncryption
>          6c:98:76:ab:1e:f4:98:b7:25:06:e1:13:c5:d7:48:f0:b0:b1:
>          97:56:ee:d4:ef:5d:30:aa:e3:de:83:75:09:39:31:41:22:2f:
>          0a:f2:6e:48:10:c0:b9:bf:07:92:0f:02:ce:6a:67:fe:92:7d:
>          9f:61:de:84:57:80:c0:84:d4:56:23:d9:5c:ea:88:4c:50:65:
>          03:14:9b:8e:d4:3e:34:75:a9:53:b9:0d:f1:6c:47:65:fc:7e:
>          7c:e1:eb:55:4a:97:d0:f5:e2:ad:cd:a5:0d:6a:50:f1:41:85:
>          bb:a0:31:5b:61:40:0c:14:b7:f8:98:f0:80:7e:1a:d6:b4:58:
>          22:cd
>