[openssl-users] pkcs11 engine private key loading

Pavel Löbl lobl.pavel at gmail.com
Fri Jul 27 09:59:22 UTC 2018


I've already posted this to the opensc mailing list, but I'm not really sure where
the problem is. So I'm also trying my luck here.

I'm writing an application which decrypts SMIME messages using a smart
card. I used the source code of the openssl cms command as a reference. I'm able
to decrypt already; however, I face the following problem. When the smart
card is removed while my application is running,
ENGINE_load_private_key still returns a private key reference without
any problem, but a later call to CMS_decrypt fails. Similarly, when the smart
card is not present during the first call to ENGINE_load_private_key, it
will continue to fail even after the card is inserted again. I've tried to
call ENGINE_init before key loading and ENGINE_finish and ENGINE_free
after that, but it didn't help. The only workaround I've found is to exit the
process and start it again.

I would expect ENGINE_load_private_key to unlock the card if it is
present and is not unlocked already and fail if there is no card
inserted.

I'm not sure what is going on here. Maybe I just got the concept
wrong. I'm using Debian testing with opensc 0.18.0-3 and openssl
1.1.0h-4.

