On 11/2/2011 8:41 PM, SiSt wrote:
Where is the error message invalid slot number coming from? From the
carddriver? Anything to do with Multipart/Singlepart sign. It used to work
with previous driver.
openssl> req -config /etc/ssl/openssl.cnf -x509 -engine pkcs11 -new -key
id_1 -keyform engine -out req.pem -text -subj "/CN=Name Name"
engine "pkcs11" set.
Invalid slot number: 0
PKCS11_get_private_key returned NULL
cannot load Private Key from engine
3073644168:error:26096080:engine routines:ENGINE_load_private_key:failed
loading private key:eng_pkey.c:126:
unable to load Private Key
error in req
In the generel PKCS#11 API (engine-pkcs11 translates OpenSSL calls to
PKCS#11 calls), almost all calls take a "slot number" argument which
was originally supposed to index the fixed number of physical card slots
in your collection of physical, non-plug-and-play smartcard readers.
With the invention of both plug-and-play card readers, USB readerless
cards ("USB Tokens") and completely virtual smart cards, PKCS#11
libraries have to preallocate a fictive number of slots and use a table
to map them to various card reader (not card) drivers.
In practice, this error message simply means that the slot number that
OpenSSL passed to engine-pkcs11 was not recognized by the configured
pkcs11 library. In particular, I guess "id_1" did not map to a reader or
your PKCS#11 configuration did not point to the reader containing your
actual smart card.
Depending on your PKCS#11 library, it could also mean that the card
reader index was recognized, but the card was not recognized as
present, valid and compatible.
--
Jakob Bohm, CIO, WiseMo A/S.
Secure remote control of Smart phones, PCs and embedded systems.
This public posting comes with no promises, no warranties and is not
binding.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
