Hi Frederik,

On Dec 2, 2009, at 7:27 AM, Frederik Mennes wrote:

> Hi everyone,
>
> I am trying to use OpenSSL’s EVP interface with as engine a SafeNet (formerly
> Eracom) ProtectServer HSM.
>
> I have received from SafeNet a patched version of OpenSSL 0.9.8d. This patch
> is called “ERAC-3.30-openssl-0.9.8d.patch”. I am working on Ubuntu Linux with
> kernel version 2.6.28-13-generic, and I use SafeNet ProtectToolkit C version
> 3.32.00.
>
> I have successfully built the patched OpenSSL library. However when I try to
> use the SafeNet engine it seems the actual engine library cannot be found.
> Can anyone help?

Hard to tell what it is trying to do without seeing the code... could you perhaps post the patch?

S.

> Here are the steps I have performed:
>
> 1) I have stored the patched OpenSSL 0.9.8d source code at following
> location:
>
>     /home/user/Desktop/openssl-0.9.8d-patched-safenet
>
> 2) I have built the patched OpenSSL source code using the instructions
> in the readme.txt file that came with the patch. This worked fine. The result
> of the build was following directory structure:
>
>     /opt/test/bin
>         c_rehash
>         openssl
>     /opt/test/include
>         /openssl [directory with .h files]
>     /opt/test/lib
>         /engines [empty directory]
>         libcrypto.so
>         libssl.a
>         libssl.so.0.9.8
>         libcrypto.a
>         libcrypto.so.0.9.8
>         libssl.so
>         /pkgconfig [directory with .pc files]
>     /opt/test/ssl
>         /certs [empty directory]
>         /engines [empty directory]
>         /man
>             /man1
>             /man3
>             /man5
>             /man7
>         /misc [directory with some executables]
>         openssl.cnf
>         /private [empty directory]
>
> It seems all engine directories are empty, so I don’t have an engine for
> the ProtectServer HSM. Is this normal?
>
> 3) I have generated an RSA key pair on the ProtectServer HSM using the
> ctkmu tool:
>
>     ctkmu c -s0 -t rsa -n CA -a PTxSV
>
> 4) I now try to create a keylink for this file:
>
>     /opt/test/bin$ ./openssl genrsa -engine ERACOM -hwkey 0/CA > CA.keylink
>
> However I receive following error (also when executed as root user):
>
>     bash: CA.keylink: Permission denied
>
> Then I tried following command:
>
>     /opt/test/bin$ ./openssl genrsa -engine ERACOM
>
> And I received following error:
>
>     Invalid engine “ERACOM”
>     12740: error: 25066067: DSO support routines: DLFCN_LOAD: could not load the
>     shared library: dso_dlfcn.c:16: filename (/usr/lib/ssl/engines/libERACOM.so):
>     no such file or directory
>
> Thanks,
>
> Frederik

-- 
san...@temme.net http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF