On Wed, Jul 06, 2011, James Berry wrote:

> I am trying to sign a file using the opensc pkcs11 engine. I will be doing
> this in code ultimately, but I thought I would make it work from the command
> line first.
>
> I have the pkcs11 engine working ok and can make a certificate request, for
> example, using the key on the smartcard.
>
> This works fine and produces a signed file in the format that I want
>
> cms -sign -in sign.txt -out signout.txt -signer signer.pem -outform DER
>
> This does not work, as it tries to open the key id on the card as a file; I
> assume that I need a different parameter to indicate the key id to use, but I
> can't find the right magic
>
> cms -engine pkcs11 -sign -in sign.txt -signer 8320eb4fa0f91a25b9febcbe47845ba168055622 -keyform engine -out signout.txt -outform DER
>
The signing certificate needs to be specified as a file, the value you pass as
the key will be used to access the engine. So try -signer and -inkey options.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
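
An added example, not part of the original thread and not OpenSSL project code: a shell wrapper for the invocation the reply describes, with the certificate given to -signer as a file and the card key id given to -inkey together with -keyform engine. The function name cms_sign_engine and the OPENSSL override variable are assumptions made here; the file names and key id in the usage comment are the ones from the question.

```shell
# cms_sign_engine CERT.pem KEY_ID INFILE OUTFILE
# Signs INFILE as DER-encoded CMS using a private key held by the pkcs11 engine.
# OPENSSL (assumption of this example) overrides the binary, e.g. for a dry run.
cms_sign_engine() {
    if [ $# -ne 4 ]; then
        echo "usage: cms_sign_engine CERT.pem KEY_ID INFILE OUTFILE" >&2
        return 2
    fi
    cert=$1; key_id=$2; infile=$3; outfile=$4

    # -signer is always read from disk, so a key id passed here is opened as
    # a file name and fails. Catch that before calling openssl.
    if [ ! -r "$cert" ]; then
        echo "signer certificate '$cert' is not a readable file" >&2
        return 2
    fi

    # -inkey carries the key id; -keyform engine makes openssl hand that
    # value to the engine instead of opening it as a key file.
    "${OPENSSL:-openssl}" cms -engine pkcs11 -sign \
        -in "$infile" -signer "$cert" \
        -inkey "$key_id" -keyform engine \
        -out "$outfile" -outform DER
}

# Usage with the values from the question:
#   cms_sign_engine signer.pem 8320eb4fa0f91a25b9febcbe47845ba168055622 \
#       sign.txt signout.txt
```

The same options are used inside the interactive openssl prompt, where the question's commands were typed without the leading "openssl".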
