[openssl-users] pkcs11 engine private key loading

Pavel Löbl lobl.pavel at gmail.com
Fri Jul 27 09:59:22 UTC 2018

I've already posted this to the opensc mailing list but I'm not really sure where
the problem is. So I'll also try my luck here.

I'm writing an application which decrypts SMIME messages using a smart
card. I used the source code of the openssl cms command as a reference. I'm able
to decrypt already; however, I face the following problem. When the smart
card is removed while my application is running,
ENGINE_load_private_key still returns a private key reference without
any problem, but a later call to CMS_decrypt fails. Similarly, when the smart
card is not present during the first call to ENGINE_load_private_key, it
will continue to fail even after the card is inserted again. I've tried to
call ENGINE_init before key loading and ENGINE_finish and ENGINE_free
after that, but it didn't help. The only workaround I've found is to exit the
process and start it again.

I would expect ENGINE_load_private_key to unlock the card if it is
present and is not unlocked already and fail if there is no card

I'm not sure what is going on here. Maybe I just got the concept
wrong. I'm using Debian testing with opensc 0.18.0-3 and openssl
