[openssl-users] Softhsm + engine_pkcs11 + openssl with EC keys fail.
Richard Levitte
levitte at openssl.org
Mon Sep 17 21:22:22 UTC 2018
In message <4AC69FC3-BEC7-46F6-882A-671196FC0156 at contoso.com> on Mon, 17 Sep 2018 20:59:59 +0000, "Paras Shah (parashah)" <parashah at cisco.com> said:
> 4. Import the key into softhsm
>
> []:~$ softhsm2-util --import ~/tmp/secp256k1-key.pem.pkcs8 --label "ec key" --id 1111 --token
> "token 2.5.0-rc1"
Ok, so here, the ID is "1111"
> 5. Get the pkcs11 url for the private key
>
> []:~$ p11tool --login --provider=/usr/local/lib/softhsm/libsofthsm2.so --set-pin=1111 --list-all
>
> Object 0:
>
> URL:
> pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6a160d52b750862f;token=token%202.5.0-rc1;id=%11%11;object=ec%20key;type=private
But here, the ID is "%11%11", and since those get percent decoded,
that's actually two vertical tabs, or with C vector syntax,
{ 0x0b, 0x0b }
I'm not sure what engine-pkcs11 asks of you otherwise, but one guess
could be to change 'id=%11%11' to 'id=1111' in that URL and try again.
Cheers,
Richard
--
Richard Levitte levitte at openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
More information about the openssl-users
mailing list