[openssl-dev] openssl cms unable to access keys on token?

David Woodhouse dwmw2 at infradead.org
Mon Mar 14 21:33:52 UTC 2016

On Mon, 2016-03-14 at 21:28 +0000, Blumenthal, Uri - 0553 - MITLL
> You are right - the command line was wrong. Here’s the correct line,
> which
> should work, but doesn’t:
> $ openssl cms -engine pkcs11 -aes256 -encrypt -in data.txt -binary
> -outform PEM -out data.txt.enc
> "pkcs11:object=Certificate%20for%20Key%20Management;object-type=cert"

Yeah, that won't work either. 

Perhaps you need the "-certform engine" option.

Which doesn't exist. :)

(My mailer doesn't seem to trust your signing cert, btw. Should you be
including an intermediate certificate in your messages? For that
matter, should I? :)

David Woodhouse                            Open Source Technology Centre
David.Woodhouse at intel.com                              Intel Corporation

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5691 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160314/9db38a6b/attachment.bin>

More information about the openssl-dev mailing list