Fw: openssl s_client privatekey engine pkcs11 - no SSL_connect:SSLv3/TLS write certificate verify

2021-10-27 Thread Zlatko Vrastic via openssl-users
- Forwarded Message - From: Zlatko Vrastic To: "openssl-users@openssl.org" Sent: Friday, October 22, 2021, 03:25:10 PM GMT+2 Subject: openssl s_client privatekey engine pkcs11 - no SSL_connect:SSLv3/TLS write certificate verify When using openssl s_client .. -keyf

Re: [openssl CMP with pkcs11 engine]

2021-07-12 Thread David von Oheimb
org.openssl.engine:pkcs11: should work, rather than   -engine pkcs11 -keyform engine because the latter pertains to all key options used, including -key, which is not what you want. HTH,     David On 25.03.21 18:56, mbalembo wrote: > > Hello all, > > > I'm trying to do a CMP request using op

Re: CSR creation using pkcs11 dynamic engine

2021-06-01 Thread Piotr Lobacz
ne: Tuesday, June 1, 2021 17:36 To: Selva Nair Cc: openssl-users@openssl.org Subject: Re: CSR creation using pkcs11 dynamic engine Sorry my bad i was checking bad position in the file... From: openssl-users on behalf of Piotr Lobacz Sent: Tuesday, 1 cz

Re: CSR creation using pkcs11 dynamic engine

2021-06-01 Thread Piotr Lobacz
Sorry my bad i was checking bad position in the file... From: openssl-users on behalf of Piotr Lobacz Sent: Tuesday, June 1, 2021 17:34 To: Selva Nair Cc: openssl-users@openssl.org Subject: Re: CSR creation using pkcs11 dynamic engine Ok not fixed

Re: CSR creation using pkcs11 dynamic engine

2021-06-01 Thread Piotr Lobacz
pkcs11 dynamic engine Hi Selva, btw. i have found one issue in libp11 package https://github.com/OpenSC/libp11/issues/304 and i have used 0.4.10 i will check firstly with 0.4.11 and give you answer. BR Piotr From: Selva Nair Sent: Tuesday, June 1, 2021 17:15 To

Re: CSR creation using pkcs11 dynamic engine

2021-06-01 Thread Piotr Lobacz
: openssl-users@openssl.org Subject: Re: CSR creation using pkcs11 dynamic engine Hi Piotr, On Tue, Jun 1, 2021 at 10:57 AM Piotr Lobacz wrote: Hi, i have managed to find the engine method static EVP_PKEY *load_privkey(ENGINE *engine, const char *s_

Re: CSR creation using pkcs11 dynamic engine

2021-06-01 Thread Selva Nair
On Tue, Jun 1, 2021 at 11:15 AM Selva Nair wrote: > > Hi Piotr, > > On Tue, Jun 1, 2021 at 10:57 AM Piotr Lobacz > wrote: >> >> Hi, >> i have managed to find the engine method static EVP_PKEY >> *load_privkey(ENGINE *engine, const char *s_key_id, UI_METHOD *ui_method, >> void *callback_data) i

Re: CSR creation using pkcs11 dynamic engine

2021-06-01 Thread Selva Nair
Hi Piotr, On Tue, Jun 1, 2021 at 10:57 AM Piotr Lobacz wrote: > Hi, > i have managed to find the engine method static EVP_PKEY > *load_privkey(ENGINE *engine, const char *s_key_id, UI_METHOD *ui_method, > void *callback_data) in libp11 package. I have also made a printf callback > and i see the

Re: CSR creation using pkcs11 dynamic engine

2021-06-01 Thread Piotr Lobacz
l.org Subject: Re: CSR creation using pkcs11 dynamic engine Hi, unfortunately that is not that simple :( These methods are not being exposed by the dotnet. Porting them would take too much time because of the method struct. Recompiling the whole dotnet sdk is also not an option. You know, i

Re: CSR creation using pkcs11 dynamic engine

2021-05-29 Thread Piotr Lobacz
check this on Monday and keep you informed. Have a nice weekend. BR Piotr From: Selva Nair Sent: Saturday, May 29, 2021 03:34 To: Piotr Lobacz Subject: Re: CSR creation using pkcs11 dynamic engine Hi, I will also check these flags of my RSA object using RSA_test_flags

Re: CSR creation using pkcs11 dynamic engine

2021-05-28 Thread Piotr Lobacz
e: Friday, May 28, 2021 20:47 To: Piotr Lobacz Cc: openssl-users@openssl.org Subject: Re: CSR creation using pkcs11 dynamic engine Hi, On Fri, May 28, 2021 at 1:44 PM Piotr Lobacz wrote: > > Ok, i have found out that dotnet OpenSsl library has its own code for > verification is key

Re: CSR creation using pkcs11 dynamic engine

2021-05-28 Thread Selva Nair
It's not verifying, but signing operation that is failing. This sounds like something wrong in the way you are using the dotnet interface or possibly a bug in (or limitation of) that implementation itself. Like it's not meant to be used when keys are "external". I have no idea having never used

Re: CSR creation using pkcs11 dynamic engine

2021-05-28 Thread Piotr Lobacz
: openssl-users@openssl.org Subject: CSR creation using pkcs11 dynamic engine Hi all, i'm trying to generate CSR using C# System.SecurityCryptography.Openssl library together with pkcs11 token library. The whole process for this in command line works without any problems. For execution of this p

CSR creation using pkcs11 dynamic engine

2021-05-28 Thread Piotr Lobacz
Hi all, i'm trying to generate CSR using C# System.SecurityCryptography.Openssl library together with pkcs11 token library. The whole process for this in command line works without any problems. For execution of this process i use command: openssl req -new -subj '/C=PL/ST=Gdansk/L

Re: CSR generation using pkcs11 token engine from C# code

2021-05-25 Thread Piotr Lobacz
Ok i am trying to use this code: TokenEngine::TokenEngine( const StringList & modulePaths ) { ENGINE * tok = ENGINE_by_id( "pkcs11" ); if ( ! tok ) throw Exception( "token: unable to get engine" ); m_pEngine = tok; const string modulePath( findFi

RE: CSR generation using pkcs11 token engine from C# code

2021-05-24 Thread Michael McKenney
using pkcs11 token engine from C# code Hi Michael, thx for your quick reply. Unfortunately i can't use your script because i need to use native code not bash implementation. For the first question about loading token module i have found a solution on github https://github.com/tkil/op

Re: CSR generation using pkcs11 token engine from C# code

2021-05-24 Thread Piotr Lobacz
Hi Michael, thx for your quick reply. Unfortunately i can't use your script because i need to use native code not bash implementation. For the first question about loading token module i have found a solution on github https://github.com/tkil/openssl-pkcs11-samples . This code is a C/C++

RE: CSR generation using pkcs11 token engine from C# code

2021-05-24 Thread Michael McKenney
< domain #3 > DNS.4 = < domain #4 > DNS.5 = < domain #5 > DNS.6 = < domain #6 > DNS.7 = < domain #7 > DNS.8 = < domain #8 > DNS.9 = < domain #9 > EOF ) -Original Message- From: openssl-users On Behalf Of Piotr Lobacz Sent: Monday, May 24, 20

CSR generation using pkcs11 token engine from C# code

2021-05-24 Thread Piotr Lobacz
Hi all, i am currently trying to generate CSR with the usage of tpm2-pkcs11 module together with pkcs11 engine from opensc and the whole thing running with openssl api from C# code. I have checked that my solution works from command line. I have added these lines: openssl_conf = openssl_init

[openssl CMP with pkcs11 engine]

2021-03-25 Thread mbalembo
Hello all, I'm trying to do a CMP request using openssl with a private key inside a pkcs11 device (on linux). So i'm using openssl 3.0.0 alpha 13. I did compile fine (./config --prefix=/opt/openssl enable-deprecated --openssldir=/usr/local/ssl -Wl,-rpath=/opt/openssl/lib), but

Re: Signing using EVP_PKEY_encrypt when using pkcs11 engine

2019-06-04 Thread Martin Townsend
crypt with code that uses the private key in the HSM to > encrypt the hash buffer that has been calculated. > > My initialisation looks like this > /* Load the configuration using OPENSSL_CONF environment variable */ > OPENSSL_config(NULL); > /* Try and load PKCS11 engine */

Signing using EVP_PKEY_encrypt when using pkcs11 engine

2019-06-03 Thread Martin Townsend
looks like this /* Load the configuration using OPENSSL_CONF environment variable */ OPENSSL_config(NULL); /* Try and load PKCS11 engine */ const char* s = getenv("OPENSSL_CONF"); printf("Trying to load pkcs#11 engine\n"); printf("OPENSSL_CONF=%s\n"

Re: Add pkcs11 command

2019-03-08 Thread Antonio Iacono
OK thanks, initial implementation of STORE into my pkcs11 engine (1) is ready. I am able to do this openssl storeutl -engine pkcs11 'pkcs11:objecttype=cert;object=test' and this is result: engine "pkcs11" set. 0: Certificate -BEGIN CERTIFICATE- MIIC/D

Re: Add pkcs11 command

2019-03-06 Thread Richard Levitte
Not only. What you need to do on bind is to create a whole OSSL_STORE_LOADER for pkcs11. OSSL_STORE_LOADER_set_open only sets the opening functions, which is expected to take a URI and parse that into something sensible, and return a context. There are other functions to set as well, such as

Re: Add pkcs11 command

2019-03-06 Thread Antonio Iacono
OSSL_STORE_LOADER_set_open on bind ? On Wed, Mar 6, 2019 at 10:35 AM Richard Levitte wrote: > > There is a more generic command to do exactly this sort of thing, > 'openssl storeutil', available since OpenSSL 1.1.1. > > The pkcs11 backend / engine needs to implement the

Re: Add pkcs11 command

2019-03-06 Thread Antonio Iacono
I can write the function inside pkcs11 engine but then how do I "hook" it to storeutl? The first obstacle is here "No URI given, nothing to do" but with pkcs11 I have no URI or File. Thanks On Wed, Mar 6, 2019 at 10:35 AM Richard Levitte wrote: > > There is a more gen

Re: Add pkcs11 command

2019-03-06 Thread Richard Levitte
There is a more generic command to do exactly this sort of thing, 'openssl storeutil', available since OpenSSL 1.1.1. The pkcs11 backend / engine needs to implement the functionality required to hook with the OSSL_STORE functionality for storeutil to be useful. Cheers, Richard On W

Add pkcs11 command

2019-03-06 Thread Antonio Iacono
There are some good tools for pkcs11, like pkcs11-tool of the OpenSC project, but often only need the list of key ids to perform signature operations with the engine. I would propose a new pkcs11 command which, for now, only makes the list of ids and labels of keys present in a token. I have

Re: [openssl-users] openssl ca pkcs11 UI_set_result_ex:result too large:crypto/ui/ui_lib.c:910:You must type in 4 to 32 characters

2018-10-18 Thread Peter Magnusson
Thanks =) This is similar to other commands, e.g. ssh, tpm2-tools, etc inconsistencies between different flags between different sub-commands. Getting it right the first time is easier said than done and changing command line behaviour later on breaks user scripts etc. //P On Wed, Oct 17, 2018 a

Re: [openssl-users] openssl ca pkcs11 UI_set_result_ex:result too large:crypto/ui/ui_lib.c:910:You must type in 4 to 32 characters

2018-10-17 Thread Richard Levitte
In message on Tue, 16 Oct 2018 10:34:31 +0200, Peter Magnusson said: > Sorry, I am an idiot =) No you're not. > Problem resolved, user error. -key was the problem and should not be > used as I showed. > > -key has a different meaning for openssl ca than for openssl req, so > my PIN was my

Re: [openssl-users] openssl ca pkcs11 UI_set_result_ex:result too large:crypto/ui/ui_lib.c:910:You must type in 4 to 32 characters

2018-10-16 Thread Peter Magnusson
ng to try and figure out what pass phrased was > passed and where it came from. I'm afraid that's a debugging session. > > Cheers, > Richard > > In message > on Tue, > 16 Oct 2018 09:54:08 +0200, Peter Magnusson > said: > > > The error can be worka

Re: [openssl-users] openssl ca pkcs11 UI_set_result_ex:result too large:crypto/ui/ui_lib.c:910:You must type in 4 to 32 characters

2018-10-16 Thread Richard Levitte
s passed and where it came from. I'm afraid that's a debugging session. Cheers, Richard In message on Tue, 16 Oct 2018 09:54:08 +0200, Peter Magnusson said: > The error can be worked around by entering PIN = "..." into [pkcs11_section]. > pkcs11 engine version is libp11

Re: [openssl-users] openssl ca pkcs11 UI_set_result_ex:result too large:crypto/ui/ui_lib.c:910:You must type in 4 to 32 characters

2018-10-16 Thread Peter Magnusson
The error can be worked around by entering PIN = "..." into [pkcs11_section]. pkcs11 engine version is libp11-0.4.9. Anyone know if this is a 1) libp11 issue or 2) openssl issue or 3) me doing something wrong? On Mon, Oct 15, 2018 at 5:40 PM Peter Magnusson wrote: > > Hi, > > I

[openssl-users] openssl ca pkcs11 UI_set_result_ex:result too large:crypto/ui/ui_lib.c:910:You must type in 4 to 32 characters

2018-10-15 Thread Peter Magnusson
Hi, I'm trying to understand how to make "openssl ca" prompt for a PKCS#11 login pin. Version is openssl-1.1.1. openssl req works as I would expect, prompting for PIN: YUBIHSM_PKCS11_CONF=yubihsm2-pkcs11.conf \ local-build/bin/openssl \ req -config yubihsm2-openssl.conf -new \

[openssl-users] pkcs11 engine private key loading

2018-07-27 Thread Pavel Löbl
I've already posted this to opensc mailing list but I'm not really sure where the problem is. So I also try my luck here. I'm writing application which decrypts SMIME messages using smart card. I used source code of openssl cms command as reference. I'm able to decrypt already however I face the fol

Re: [openssl-users] Error in X509_check_private_key when using pkcs11 engine (OpenSSL 1.0.2j)

2017-09-18 Thread Anton Gerasimov
s11.so? >> > Well sort of. OpenSSL requires that public key components are set for private > keys (except for a legacy RSA case). OK, thank you. It turns out I've just used the wrong command to import a key into SoftHSM, namely 'pkcs11-tool -w' instead of 'softhsm2-tool --

Re: [openssl-users] Error in X509_check_private_key when using pkcs11 engine (OpenSSL 1.0.2j)

2017-09-15 Thread Dr. Stephen Henson
On Fri, Sep 15, 2017, Anton Gerasimov wrote: > So it turns out load_privkey() function of engine_pkcs11.so sets pub_key > in the returned 'struct ec_key_st' to NULL. Is it a failure inside > engine_pkcs11.so? > Well sort of. OpenSSL requires that public key components are set for private keys (e

Re: [openssl-users] Error in X509_check_private_key when using pkcs11 engine (OpenSSL 1.0.2j)

2017-09-15 Thread Anton Gerasimov
So it turns out load_privkey() function of engine_pkcs11.so sets pub_key in the returned 'struct ec_key_st' to NULL. Is it a failure inside engine_pkcs11.so? Thanks, Anton Gerasimov

[openssl-users] Error in X509_check_private_key when using pkcs11 engine (OpenSSL 1.0.2j)

2017-09-15 Thread Anton Gerasimov
Greetings, I'm trying to make OpenSSL (v. 1.0.2j) get client certificate/private key from a virtual PKCS#11 device, namely SoftHSM. I've imported a certificate and private key into SoftHSM, configured openssl as following and run     openssl s_client -engine pkcs11 -connect mydoma

[openssl-users] -engine pkcs11 - keyform ENGINE -inkey ABC : NOT in command line

2017-08-01 Thread majkl majkl
I need these openssl parameters to be used without specifying it in command line. It doesn't matter, if it is in config file or environment variables. How to do that? (I need to sign xml documents via xmlsec. xmlsec can use openssl as crypto, but I do not have idea, how xmlsec call openssl. It do

Re: [openssl-users] smartcard/ pkcs11 - 'bad decrypt' error after upgrade from 0.9.8 to 1.0.1

2016-11-11 Thread Jan Just Keijser
Hi, On 10/11/16 10:49, Pawel Suwinski wrote: Hello After openssl upgrade (new OS version, new machine) I get error decrypting SMIME messages using Aladdin eToken SmartCard (pkcs11 engine). On old system (Debian 6.0 Squeeze-LTS)/ machine: #v+ [old]$ openssl version OpenSSL 0.9.8g

[openssl-users] smartcard/ pkcs11 - 'bad decrypt' error after upgrade from 0.9.8 to 1.0.1

2016-11-10 Thread Pawel Suwinski
Hello After openssl upgrade (new OS version, new machine) I get error decrypting SMIME messages using Aladdin eToken SmartCard (pkcs11 engine). On old system (Debian 6.0 Squeeze-LTS)/ machine: #v+ [old]$ openssl version OpenSSL 0.9.8g 19 Oct 2007 (Library: OpenSSL 0.9.8o 01 Jun

Re: [openssl-users] Loading pkcs11 engine opensc without using command line

2015-07-17 Thread Dr. Stephen Henson
> > int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, > STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey, > STACK_OF(X509) **pother, > UI_METHOD *ui_method, void *callback_data); > > which seems to be a bit too specific (where would I get an SSL pointer

Re: [openssl-users] Loading pkcs11 engine opensc without using command line

2015-07-17 Thread Victor Wagner
er, UI_METHOD *ui_method, void *callback_data); which seems to be a bit too specific (where would I get an SSL pointer if I want to use this certificate in the mail client to sign a CMS message?) and is not supported by opensc PKCS11 engine. > Steve. > -- > Dr Stephen N. Henson

Re: [openssl-users] Loading pkcs11 engine opensc without using command line

2015-07-16 Thread Dr. Stephen Henson
ule works fine using > the shell but I want to implement it as an independent program. For example > if I use the rsautl module then I can provide the inkey option and keyform > option to use the private key from the smartcard. Look at the snippet below: > openssl rsautl -sign -in fil

[openssl-users] Loading pkcs11 engine opensc without using command line

2015-07-16 Thread Anirudh Raghunath
ndent program. For example if I use the rsautl module then I can provide the inkey option and keyform option to use the private key from the smartcard. Look at the snippet below: openssl rsautl -sign -in file -keyform engine -engine pkcs11 -inkey slot_1-id_54a4c9bdaf3ff82b3367b586a6658c23 -out s

[openssl-users] pkcs11 engine client side authentication

2014-12-22 Thread Orc Erc
Hi All, I need to authenticate my client with a smartcard in ssl connection. So i am using pkcs11 engine. I have called the functions below, i have successfully read the certificate from smart card. But while connecting to server client does not send any certificate. It happens one side ssl

Problems creating csr with openssl/ pkcs11

2013-03-14 Thread Tim Tassonis
Hi all I am trying to create a csr (in a c program) that uses a hardware private public key and I am accessing this token by pkcs11. However, the csr is always invalid, with the following message: $ openssl req -verify -in wltx.csr verify failure 1996:error:0D07207B:asn1 encoding

Problems creating csr with openssl/ pkcs11

2013-03-14 Thread Tim Tassonis
Hi all I am trying to create a csr (in a c program) that uses a hardware private public key and I am accessing this token by pkcs11. However, the csr is always invalid, with the following message: $ openssl req -verify -in wltx.csr verify failure 1996:error:0D07207B:asn1 encoding

RE: pkcs11 Certificate Selection Dialog

2012-05-24 Thread CASTELLUCCI, BEN CIV DFAS
't work. I'll have to think about this for a bit. Anyway, thanks for the clarifications! Ben -Original Message- From: CASTELLUCCI, BEN CIV DFAS Sent: Thursday, May 24, 2012 11:21 AM To: openssl-users@openssl.org Subject: RE: pkcs11 Certificate Selection Dialog Thank you for the r

RE: pkcs11 Certificate Selection Dialog

2012-05-24 Thread CASTELLUCCI, BEN CIV DFAS
rompt. Let me know any thoughts on this. Thanks! Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Thursday, May 24, 2012 9:52 AM To: openssl-users@openssl.org Subject: Re: pkcs11 Certificate Sele

Re: pkcs11 Certificate Selection Dialog

2012-05-24 Thread Dr. Stephen Henson
the store that > would satisfy the request. There does not seem to be a way to 'cache' > the choice. Since the choice is not 'remembered' the user is continually > prompted during back-to-back operations that require the client > certificate. A pkcs11-enabled version con

pkcs11 Certificate Selection Dialog

2012-05-24 Thread CASTELLUCCI, BEN CIV DFAS
cache' the choice. Since the choice is not 'remembered' the user is continually prompted during back-to-back operations that require the client certificate. A pkcs11-enabled version control client (Subversion) is a good example. A simple commit may produce a half-dozen or more prompts.

how to tell the pkcs11 library name to apache2 mod_ssl?

2012-03-07 Thread Magosányi, Árpád
Hi! I try to use a pkcs11 smart card (eToken) to store the web server's private key with apache&mod_ssl. From the strace output it seems that mod_ssl successfully loads the pkcs11 engine. However it does not seem to find the pkcs11 library. Given that I see no attempt to load openssl.cnf

Solaris Crypto PKCS11 extensions

2012-01-27 Thread Kogelheide, Ryan LCTZ:EX
Hi OpenSSL folks, Jan Pechanec from Sun used to provide a patch for OpenSSL to allow us to compile with the Solaris pkcs11 crypto libraries. This disappeared with Oracle's consumption of Sun. It seems that the crypto co-processing features of the Sparc T-series is continuing, but not the

Re: Why pkcs11-tool do not chose signing with certs classified as Non-Repud

2011-12-18 Thread SiSt
n Repudiation > > The request from receiver is to sign with Non-Repud. > > What pkcs11-tool does is that it chooses ONLY the key/cert defined as > "critical digital signature", even if I choose a different ID. The program > will not take into consideration that I am changi

Why pkcs11-tool do not chose signing with certs classified as Non-Repud

2011-12-10 Thread SiSt
Agreement 2. X509v3 Key Usage: critical Non Repudiation The request from receiver is to sign with Non-Repud. What pkcs11-tool does is that it chooses ONLY the key/cert defined as "critical digital signature", even if I choose a different ID. The program will not

Re: Getting started to create PKCS7 message with PKCS11 provider

2011-07-04 Thread lists
On 06/30/2011 11:25 AM, James Berry wrote: Hi: I need to sign a challenge string using the private key present on a smartcard. The smartcard has a PKCS11-compliant library and I have been able to open the card etc with the PKCS11 driver. Now I would like to sign a message in PKCS7 format

Getting started to create PKCS7 message with PKCS11 provider

2011-06-30 Thread James Berry
Hi: I need to sign a challenge string using the private key present on a smartcard. The smartcard has a PKCS11-compliant library and I have been able to open the card etc with the PKCS11 driver. Now I would like to sign a message in PKCS7 format to be sent elsewhere for verification

Re: {Spam?} Invalid signature with PKCS11

2010-06-05 Thread Fares Gianluca
Thanks TIM, it works as expected. On 6/5/10 2:20 AM, "Tim Hudson" wrote: > On 5/06/2010 12:56 AM, Fares Gianluca wrote: >> Hi all, >> I'm try to figure out why my X509_REQ signature is always not verified. >> I'm using openssl-1.0.0 and gclib.dll provided by gemalto. > > It is helpful to actu

Re: {Spam?} Invalid signature with PKCS11

2010-06-04 Thread Tim Hudson
On 5/06/2010 12:56 AM, Fares Gianluca wrote: Hi all, I’m try to figure out why my X509_REQ signature is always not verified. I’m using openssl-1.0.0 and gclib.dll provided by gemalto. It is helpful to actually provide a complete working example rather than just a subset. However in this case t

Invalid signature with PKCS11

2010-06-04 Thread Fares Gianluca
REQ_INFO(req->req_info,NULL); buf_in=(unsigned char *)MEMORY_ALLOC(inl); p = buf_in; i2d_X509_REQ_INFO(req->req_info,&buf_in); outl=EVP_PKEY_size(pkey); // Create message digest EVP_MD_CTX_init(&ctx); EVP_DigestInit(&ctx,digest); EVP_DigestU

Re: Problem with ENGINE_cleanup with OpenSSL and PKCS11 engine

2010-03-17 Thread John R Pierce
Cesar Henrique Keiti Kuroiwa wrote: Now we seem to be facing a new issue that comes up when a wrong PIN is entered and then the card is removed from the reader. After that, we can no longer do anything with the card after it is re-inserted. Not even by cleaning and reloading all the ENGINE-relate

Re: Problem with ENGINE_cleanup with OpenSSL and PKCS11 engine

2010-03-17 Thread Cesar Henrique Keiti Kuroiwa
on wrote: > > On Wed, Mar 17, 2010, Cesar Henrique Keiti Kuroiwa wrote: > > > > > >> Hello > >> > >> We are trying to use the PKCS11 engine for OpenSSL to interface with a > >> smart card reader "Gemplus GemPC Twin 00 00". We ar

Re: Problem with ENGINE_cleanup with OpenSSL and PKCS11 engine

2010-03-17 Thread John R Pierce
Dr. Stephen Henson wrote: On Wed, Mar 17, 2010, Cesar Henrique Keiti Kuroiwa wrote: Hello We are trying to use the PKCS11 engine for OpenSSL to interface with a smart card reader "Gemplus GemPC Twin 00 00". We are having some trouble when trying to retrieve the priva

Re: Problem with ENGINE_cleanup with OpenSSL and PKCS11 engine

2010-03-17 Thread Dr. Stephen Henson
On Wed, Mar 17, 2010, Cesar Henrique Keiti Kuroiwa wrote: > Hello > > We are trying to use the PKCS11 engine for OpenSSL to interface with a > smart card reader "Gemplus GemPC Twin 00 00". We are having some > trouble when trying to retrieve the private from a

Problem with ENGINE_cleanup with OpenSSL and PKCS11 engine

2010-03-17 Thread Cesar Henrique Keiti Kuroiwa
Hello We are trying to use the PKCS11 engine for OpenSSL to interface with a smart card reader "Gemplus GemPC Twin 00 00". We are having some trouble when trying to retrieve the private from a smart card to decrypt some data. The problem arises when the wrong PIN numbe

Re: OpenSSL PKCS11 engine implementation

2010-02-04 Thread samuel smith
> On Thu, Feb 04, 2010 at 06:24:13AM -0800, Samuel123smith wrote: > > > > Hi ALL, > > > > I was trying to write openssl pkcs11 engine implementation for RSA . Now > ,I > > am stuck with the implementing RSA padding which is required for RSA > > encryption,decryption ,signi

Re: OpenSSL PKCS11 engine implementation

2010-02-04 Thread Christian Hohnstaedt
, Samuel123smith wrote: > > Hi ALL, > > I was trying to write openssl pkcs11 engine implementation for RSA . Now, I > am stuck with the implementing RSA padding which is required for RSA > encryption,decryption ,signing and verifying. > > I was trying to find the mechan

OpenSSL PKCS11 engine implementation

2010-02-04 Thread Samuel123smith
Hi ALL, I was trying to write openssl pkcs11 engine implementation for RSA . Now, I am stuck with the implementing RSA padding which is required for RSA encryption,decryption ,signing and verifying. I was trying to find the mechanism which is needed for each padding. RSA_PKCS1_PADDING

Re: pkcs11 help

2009-12-16 Thread Jan Pechanec
> >+ * CDDL HEADER END > >I am wondering whether we can use this patch because of this copyright >information. > > > >Thanks > >Samuel > > >On Wed, Dec 16, 2009 at 7:04 PM, Jan Pechanec wrote: > >> On Wed, 16 Dec 2009, samuel smith wrote: >>

Re: pkcs11 help

2009-12-16 Thread samuel smith
mith wrote: > > >Thanks Cristian. > > > >I actually want to implement pkcs11 support in OpenSSL. Any one can please > >direct to correct path for implementing the pkcs11 engine. As i am new > >openssl , please tell me what all would be required to develop this and >

Re: pkcs11 help

2009-12-16 Thread Jan Pechanec
On Wed, 16 Dec 2009, samuel smith wrote: >Thanks Cristian. > >I actually want to implement pkcs11 support in OpenSSL. Any one can please >direct to correct path for implementing the pkcs11 engine. As i am new >openssl , please tell me what all would be required to develop this and

Re: pkcs11 help

2009-12-16 Thread samuel smith
Thanks Cristian. I actually want to implement pkcs11 support in OpenSSL. Any one can please direct to correct path for implementing the pkcs11 engine. As i am new openssl , please tell me what all would be required to develop this and please direct me to some document which might be useful for

pkcs11 support from OpenSSL team

2009-12-15 Thread Samuel123smith
Hi ALL, I was wondering why OpenSSL team have not supported pkcs11 engine. I can see in the contribution list http://www.openssl.org/contrib/ , some of the user have already contributed pkcs11 support patch . Why openssl team have not included this in the main

Re: pkcs11 help

2009-12-08 Thread Cristian Thiago Moecke
I think you may want to use the OpenSC PKCS#11 OpenSSL Engine http://www.opensc-project.org/engine_pkcs11/ 2009/12/8 Samuel123smith > > Hi ALL, > > I am new to OpenSSL and need some help on pkcs11. > > 1 . Does the latest OpenSSL 0.9.8k support the pkcs11 support? > If so ,

pkcs11 help

2009-12-08 Thread Samuel123smith
Hi ALL, I am new to OpenSSL and need some help on pkcs11. 1 . Does the latest OpenSSL 0.9.8k support the pkcs11 support? If so , how to configure the openssl with pkcs11 support? 2. I have searched through openssl for finding some document regarding pkcs11 but was not able to find any good

RSA decryption and pkcs11 engine load in the same line problem

2009-09-01 Thread nutters
ing support [success]: SO_PATH:engine_pkcs11 [success]:ID:pkcs11 [success]:LIST_ADD:1 [success]:LOAD [success]:MODULE_PATH:OCSCryptolib_P11.dll Loaded: pkcs11 engine [available] OpenSSL> rsautl -decrypt -in cipher.txt -out raw.txt -engine pkcs11 -keyform engine -i

Re: UltraSPARC T2 - OpenSSL - PKCS11 ???

2009-08-17 Thread CH-Kami
ticed some improvement but not much ... Is this a good idea ?

Re: UltraSPARC T2 - OpenSSL - PKCS11 ???

2009-08-13 Thread Alan Buxey
hi, your pkcs11 on the Sparc system is fast(!) it's just the verification that seems a little b0rked/slow :-| alan

Re: [openssl-users] UltraSPARC T2 - OpenSSL - PKCS11 ???

2009-08-13 Thread Erwann ABALEA
sign verify sign/s verify/s > rsa 1024 bits 0.0246s 0.0014s 40.7 701.3 > > openssl speed -engine pkcs11 rsa > sign verify sign/s verify/s > rsa 1024 bits 0.s 0.s 25112.3 30151.4 > > Compared to the first s

Re: UltraSPARC T2 - OpenSSL - PKCS11 ???

2009-08-13 Thread Jan Pechanec
.1554s 0.0048s 6.4 206.3 >rsa 4096 bits 1.0780s 0.0175s 0.9 57.0 > > >openssl speed -engine pkcs11 rsa > >sign verify sign/s verify/s >rsa 512 bits 0.s 0.s 26514.1 31260.8 >rsa 1024 bits 0.s 0

UltraSPARC T2 - OpenSSL - PKCS11 ???

2009-08-13 Thread CH-Kami
0005s 210.7 2072.0 rsa 1024 bits 0.0246s 0.0014s 40.7 701.3 rsa 2048 bits 0.1554s 0.0048s 6.4 206.3 rsa 4096 bits 1.0780s 0.0175s 0.9 57.0 openssl speed -engine pkcs11 rsa sign verify sign/s verify/s rsa 512 bits 0.0

Re: HTTPS PKCS11 newbie

2008-09-17 Thread Ricardo Garcia Reis
Hello Patrick, Thanks for help ... - My Background: Working with a server application that has a programming language (ADVPL), in the server I am responsible for some protocols such as http/https - server/client :) and now I am having to use an HSM. Currently supports only the fo

Re: HTTPS PKCS11 newbie

2008-09-17 Thread Patrick Patterson
Hello again: Aaack - my bad for not re-reading the post - the openssl.cnf section should be: [ openssl_init ] engines = engine_section oid_section = new_oids [ engine_section ] lunahsm = luna_hsm [ luna_hsm ] engine_id = LunaCA3 init

Re: HTTPS PKCS11 newbie

2008-09-17 Thread Patrick Patterson
Hi Ricardo: On September 17, 2008 12:52:23 pm Ricardo Garcia Reis wrote: > Hey fellows, > > I want your help, to implement an integration with SafeNet HSM Hardware. I > know OpenSSL, but never used with PKCS#11. > The Engine interface is your friend :) And WHICH Safenet HSM? Have you taken a look

HTTPS PKCS11 newbie

2008-09-17 Thread Ricardo Garcia Reis
Hey fellows, I want your help, to implement an integration with SafeNet HSM Hardware. I know OpenSSL, but never used with PKCS#11. I have a HTTPS server and wonders how do I inform the certificate, privatekey and passphrase for the HTTPS handshake using PKCS#11. How to change my functions load_k

Re: about access to a private key using engine-pkcs11

2008-08-31 Thread Sergio
Sergio wrote: Hello, I'm configuring an access control for wireless networks using eap-tls protocol. The clients have got credentials into a smartcard using engine-pkcs11. wpa_supplicant requires cert_id and key_id for certificate and private key respectively, stored into the chip.

about access to a private key using engine-pkcs11

2008-08-30 Thread Sergio
Hello, I'm configuring an access control for wireless networks using eap-tls protocol. The clients have got credentials into a smartcard using engine-pkcs11. wpa_supplicant requires cert_id and key_id for certificate and private key respectively, stored into the chip. Linux clients c

Re: Determining if the OpenSSL PKCS11 Patch is installed.

2008-07-17 Thread Jan Pechanec
On Thu, 17 Jul 2008, sadronmeldir wrote: >Is there a way to determine if the patch is installed and if the backend is >set up? Any help would be greatly appreciated. Solaris 10 and OpenSolaris are already shipped with the PKCS#11 engine. Run this to see that: openssl engine -vvv

Determining if the OpenSSL PKCS11 Patch is installed.

2008-07-17 Thread sadronmeldir
ler: information not available OPENSSLDIR: "/etc/sfw/openssl" Is there a way to determine if the patch is installed and if the backend is set up? Any help would be greatly appreciated. -Chris

Determining if the OpenSSL PKCS11 Patch is installed.

2008-07-16 Thread Christopher Ivory
I read on a website (http://developer.mozilla.org/en/docs/NSS_FAQ) that OpenSSL does not support the PKCS #11 chip by default. I'm aware there is a patch for this, but I'm not sure if it's already installed. I'm currently working on an OpenSPARC. By typing "openssl version -a" in the terminal, I re

Error Using PKCS11

2008-07-09 Thread sadronmeldir
My apologies if this is a simple question. I'm fairly new to writing C and even newer at working with OpenSSL. I'm trying to take metrics for comparing OpenSSL on an OpenSPARC machine with and without use of the PKCS11 engine. The code below is an attempt to time how long i

pkcs11 engine

2008-02-15 Thread David Hostetter
I am using the latest 9.8g openssl on Solaris 10 update 3. The ssl handshake is working fine. I want to use the Niagara 2 chip to do my encrypting but I need the pkcs11 engine. The 9.8g ENGINE_load_builtin_engines() does not have pkcs11. How do I get it and if there is a way then how do I

Re: RSA encryption and decryption performance difference between pkcs11 engine and default engine on windows and solaris

2007-02-14 Thread AD D
, but the RSA enc and dec performance on the amd 64 dell machine running Solaris x64(100 times RSA enc and dec in 700ms) is also much higher than the same machine running windows 2003 x86 (100 times RSA enc and dec in 1200ms without pkcs11 engine. On 2/14/07, durgaprasad jammula <[EMAIL PROTEC

Re: RSA encryption and decryption performance difference between pkcs11 engine and default engine on windows and solaris

2007-02-14 Thread durgaprasad jammula
PKCS11 is an interface to hardware cryptographic accelerators. If you use the PKCS11 engine, instead of software doing the encryption/decryption, hardware does it. To use PKCS11, you need to have a cryptographic hardware accelerator. This comes by default with Sun Fire T2000. If you encrypt the data with

RSA encryption and decryption performance difference between pkcs11 engine and default engine on windows and solaris

2007-02-13 Thread AD D
d decryption wasted 1500ms, then I ran the code on Solaris (sparc t2000), it wasted 8000ms. I googled why Solaris RSA enc and dec is so slow and found that the pkcs11 engine should be used to improve Solaris RSA performance. I did use the pkcs11 engine e = ENGINE_by_id("pkcs11"

PKCS11 Engine for OCSP in OpenSSL

2006-11-13 Thread certiver semarket
Dear all, I'm implementing HSM support to our OCSP Responder which uses openssl libraries to perform crypto operations. When searching for a PKCS11 engine's implementation for OpenSSL 0.9.8c (OCSP patched already with Engine support) I found OpenSC project and their engine_pkcs11 librarie

OpenSSL 0.9.8.a engine pkcs11 load error

2006-05-09 Thread Voljka (sent by Nabble.com)
Hello people. Please help me with the following problem: Under Windows XP professional SP2 (+all current updates) I can not use Smart card Bundle v.0.6. Openssl gives me an error when I try to load the pkcs11 engine. Here are my configs. 1) in working

Re: Openssl Engine calling code (soft pkcs11) also written in openssl conflict

2005-08-31 Thread Christopher Nebergall
>you could use RSA_set_method with RSA_PKCS1_SSLeay for example That was all I needed. I've got it working now. Thanks, Christopher
