On Fri, Jan 20, 2006, [EMAIL PROTECTED] wrote: > > Each time I try to load a key from the token, an error occurs whatever > the version of OpenSSL : > > /usr/local/ssl/bin/openssl req -engine LunaCA3 -keyform engine -text > -key "RSA 1024-bit Private Key:1" -out cr.pem > Using configuration from /usr/local/ssl/openssl.cnf > engine "LunaCA3" set. > unable to load Private key > 9510:error:2609607D:engine routines:ENGINE_load_private_key:no load > function:engine_lib.c:239: > > I notice the same issue when I change the content of the -key option > with : 6964, 6964:1... I tried all sorts of strings without success. > > Has anyone been able to sign, decrypt files with OpenSSL and an HSM > SafeNet Luna CA3 ??? Is there another way to perform those operations > without OpenSSL ? It seems possible wth the command pkcs11-tool (from > OpenSC project) but I can't make it work >
The cause of that is that the ENGINE doesn't implement the necessary functionality to load a private key from the HSM. No matter what string you try you'll still get that error. So the cause is an issue with the third party ENGINE and not OpenSSL. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
