[openssl-users] Softhsm + engine_pkcs11 + openssl with EC keys fail.

Nicola nic.tuv at gmail.com
Tue Sep 18 05:04:59 UTC 2018


Would it be possible for you to open this as an issue on GitHub and include
there your first email and the full logs?

Thanks,

Nicola Tuveri

On Tue, 18 Sep 2018 at 01:15, Paras Shah (parashah) via openssl-users <
openssl-users at openssl.org> wrote:

> That is not it. It results in the same error for the EC key.
>
> It is not the URL or the ID. Because for an RSA key in the softhsm with id
> = 3333, it works fine with url containing id=%33%33
>
> $ openssl pkey -in "pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6a160d52b750862f;token=token%202.5.0-rc1;id=%33%33;object=rsa%20key;type=private" -engine pkcs11 -inform ENGINE
> engine "pkcs11" set.
> Enter PKCS#11 token PIN for token 2.5.0-rc1:
>
> Coming back to EC key, looking at the error logs emitted, it does seem to
> recognize it to be EC (the logs contain EC_routines) somehow but then
> fails.
>
> On 9/17/18, 2:22 PM, "openssl-users on behalf of Richard Levitte" <
> openssl-users-bounces at openssl.org on behalf of levitte at openssl.org> wrote:
>
>     In message <4AC69FC3-BEC7-46F6-882A-671196FC0156 at contoso.com> on Mon,
>     17 Sep 2018 20:59:59 +0000, "Paras Shah (parashah)" <parashah at cisco.com>
>     said:
>
>     > 4. Import the key into softhsm
>     >
>     > []:~$ softhsm2-util --import ~/tmp/secp256k1-key.pem.pkcs8 --label "ec key" --id 1111 --token "token 2.5.0-rc1"
>
>     Ok, so here, the ID is "1111"
>
>     > 5. Get the pkcs11 url for the private key
>     >
>     > []:~$ p11tool --login --provider=/usr/local/lib/softhsm/libsofthsm2.so --set-pin=1111 --list-all
>     >
>     > Object 0:
>     >
>     > URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6a160d52b750862f;token=token%202.5.0-rc1;id=%11%11;object=ec%20key;type=private
>
>     But here, the ID is "%11%11", and since those get percent decoded,
>     that's actually two vertical tabs, or with C vector syntax,
>     { 0x0b, 0x0b }
>
>     I'm not sure what engine-pkcs11 asks of you otherwise, but one guess
>     could be to change 'id=%11%11' to 'id=1111' in that URL and try again.
>
>     Cheers,
>     Richard
>
>     --
>     Richard Levitte         levitte at openssl.org
>     OpenSSL Project         http://www.openssl.org/~levitte/
>     --
>     openssl-users mailing list
>     To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
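
Added example, not part of the original thread or of any project mentioned in it: under RFC 7512 the `id` attribute of a PKCS#11 URI percent-decodes to the raw CKA_ID bytes, and this sketch compares those bytes with the string given to `softhsm2-util --id`, assuming that option is read as hexadecimal. The function names are hypothetical; the URI is the EC key URL quoted in the thread.

```python
from urllib.parse import unquote_to_bytes

# EC key URL as printed by p11tool in the quoted message above.
EC_URI = ("pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;"
          "serial=6a160d52b750862f;token=token%202.5.0-rc1;"
          "id=%11%11;object=ec%20key;type=private")


def parse_pkcs11_uri(uri):
    """Return the path attributes of an RFC 7512 URI, values still encoded."""
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme != "pkcs11":
        raise ValueError("not a pkcs11: URI")
    path = rest.split("?", 1)[0]  # query attributes (pin-source, ...) are ignored
    attrs = {}
    for item in filter(None, path.split(";")):
        name, eq, value = item.partition("=")
        if not eq or name in attrs:
            raise ValueError("malformed or duplicate attribute: %r" % item)
        attrs[name] = value
    return attrs


def id_bytes(uri):
    """Percent-decode the id attribute into the CKA_ID bytes it selects."""
    return unquote_to_bytes(parse_pkcs11_uri(uri)["id"])


def id_matches_hex(uri, hex_id):
    """True if the URI id equals hex_id read as hex (assumed --id format)."""
    return id_bytes(uri) == bytes.fromhex(hex_id)


def hex_to_uri_id(hex_id):
    """Encode a hex ID the way it appears in the URLs above (%XX per byte)."""
    return "".join("%%%02x" % b for b in bytes.fromhex(hex_id))


if __name__ == "__main__":
    literal = EC_URI.replace("id=%11%11", "id=1111")  # constructed variant
    print(id_bytes(EC_URI).hex())    # bytes selected by id=%11%11
    print(id_bytes(literal).hex())   # bytes selected by id=1111
    print(id_matches_hex(EC_URI, "1111"), id_matches_hex(literal, "1111"))
    print(hex_to_uri_id("3333"))
```

Run as a script, it prints the decoded ID bytes for both spellings of the URI so they can be compared with the value used at import time.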