[openssl-users] Softhsm + engine_pkcs11 + openssl with EC keys fail.

Richard Levitte levitte at openssl.org
Mon Sep 17 21:22:22 UTC 2018

In message <4AC69FC3-BEC7-46F6-882A-671196FC0156 at contoso.com> on Mon, 17 Sep 2018 20:59:59 +0000, "Paras Shah (parashah)" <parashah at cisco.com> said:

> 4. Import the key into softhsm
> []:~$ softhsm2-util --import ~/tmp/secp256k1-key.pem.pkcs8 --label "ec key" --id 1111 --token
> "token 2.5.0-rc1"

Ok, so here, the ID is "1111"

> 5. Get the pkcs11 url for the private key
> []:~$ p11tool --login --provider=/usr/local/lib/softhsm/libsofthsm2.so --set-pin=1111 --list-all
> Object 0:
> URL:
> pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6a160d52b750862f;token=token%202.5.0-rc1;id=%11%11;object=ec%20key;type=private

But here, the ID is "%11%11", and since those get percent decoded,
that's actually two vertical tabs, or with C vector syntax,
{ 0x0b, 0x0b }

I'm not sure what engine-pkcs11 asks of you otherwise, but one guess
could be to change 'id=%11%11' to 'id=1111' in that URL and try again.


Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/

More information about the openssl-users mailing list