<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">Hi,<br>
<br>
I tried running the "s_client" command and it appears to be
working.<br>
<br>
I guess there must be something wrong in my code.<br>
My crash occurs when I call<br>
<blockquote><font face="monospace">ENGINE_init(pkey_engine);</font><br>
</blockquote>
I notice your code does not call this function. Is this
needed? If so, when/where should it be called? <br>
<br>
What exactly is the definition of "pkey_identifier" in<br>
<blockquote><font face="monospace">ENGINE_load_private_key(pkey_engine,
<b>pkey_identifier</b>, transfer_pin, &amp;cb_data) </font>?
<br>
</blockquote>
<br>
I'm not clear on what this value should be. Can you give an
example of what it would look like?<br>
<br>
I have the following on my smart card:<br>
<blockquote>Private Key Object; RSA<br>
label: Authentication - *<br>
<b> ID:</b><b>
2b2586c684d69b670c0a805edf514e720f2b757d8e2faa0b3a7ff23d1ccfc7ba</b><br>
Usage: unwrap<br>
Access: sensitive, never extractable<br>
Allowed mechanisms: RSA-PKCS,RSA-X-509<br>
</blockquote>
<br>
Would the <font face="monospace"><b>pkey_identifier</b></font> be
the <b>ID</b> in the above?<br>
<br>
<br>
What exactly is "prompt_info" in the structure PW_CB_DATA?<br>
i.e.<br>
<font face="monospace">typedef struct pw_cb_data {<br>
const void* password;<br>
const char* <b>prompt_info;</b><br>
} PW_CB_DATA;</font><br>
Can you give an example of what it might look like?<br>
<br>
Is the value of cb_data populated by the <font face="monospace">transfer_pin
</font>callback functions, or should it already contain a value
when <font face="monospace">ENGINE_load_private_key</font> is
called?<br>
<br>
Is there a way to skip the callback transfer_pin and use a hard
coded pin for test purposes when calling <font face="monospace">ENGINE_load_private_key(...)?</font><br>
<br>
<br>
<br>
Thanks!<br>
George<br>
<br>
<br>
On 2020-12-19 8:05 p.m., Jan Just Keijser wrote:<br>
</div>
<blockquote type="cite"
cite="mid:e8d14828-97aa-a1ee-52e2-36e124978cc6@nikhef.nl">
<br>
I'd say no engine/pkcs11 module should trigger exceptions - that's
an error in the pkcs11 module.<br>
<br>
Something you can try is this:<br>
<br>
run the 'openssl.exe' command:<br>
<br>
openssl engine -t dynamic -pre
"SO_PATH:C:\\Users\\whipp\\junk4\\libp11-libp11-0.4.11\\src\\pkcs11.dll"
-pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre
"MODULE_PATH:C:\Program Files (x86)\HID
Global\ActivClient\\acpkcs211.dll" <br>
<br>
then on the OpenSSL prompt, try<br>
<br>
s_client -keyform engine -key 0:&lt;key-id&gt; -cert
"clientcert.pem" -connect remote_host:remote_port<br>
<br>
that should start a TLS connection and use the pkcs11 engine to
ask for the key, identified by &lt;key-id&gt; in slot 0 (adjust
the slot number if your smart card starts at number 1 etc.).<br>
<br>
HTH,<br>
<br>
JJK <br>
<br>
<br>
</blockquote>
<br>
</body>
</html>