[OpenSC-devel] openssl PKCS11 engine + eTpkcs11.dll on windows ?
opensc_alias at swing.be opensc_alias at swing.beThu Oct 21 15:03:30 UTC 2004
- Previous message: [OpenSC-devel] A trivial patch against openct-CVS
- Next message: [OpenSC-devel] openssl PKCS11 engine + eTpkcs11.dll on windows ?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hello, First: I am a brand new user of opensc, and English is not my native language…. I have been trying to use etoken PRO with openssl on Linux and Windows. The Linux implementation using the openssl+engine_opensc.so seems to work for me, knowing that I initialize the token using opensc. But we are shipping these token to clients that use it in windows. These token have been initialized using Official PKCS11 from Alladin (eTpkcs11.dll), wich does not seems to play well with opensc. I did try to use the etpkcs11.dll of Alladin with the statically linked version of opensc on windows (win32bin_stat_18_10_2004.zip), but get several errors, both with pkcs11-tool or with engine_pkcs11.dll. The same eToken seems to work correctly in Firefox after registering eTpkcs11.dll and using a the token initialized with opensc and opensc-pkcs11.dll it work too. Is this a known problem (I guess yes ;-/) and is someone able to provide a fast solution? (free or not ;-) C:\\\\\\\\tools\\\\\\\\opensc>pkcs11-tool.exe --module etpkcs11.dll --pin 123456 -O -v Certificate Object, type = X.509 cert label: Unlabeled ID: 39453945373335312d333545442d343031612d384637302d3238463636393036363042303a30 Public Key Object; RSA 1024 bits label: eTCAPI public key ID: 39453945373335312d333545442d343031612d384637302d3238463636393036363042303a30 Usage: encrypterror: PKCS11 function C_GetAttributeValue(DECRYPT) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12) Aborting. C:\\\\\\\\tools\\\\\\\\opensc>openssl OpenSSL> engine dynamic -pre SO_PATH:engine_pkcs11 -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:etpkcs11.dl l (dynamic) Dynamic engine loading support [Success]: SO_PATH:engine_pkcs11 [Success]: ID:pkcs11 [Success]: LIST_ADD:1 [Success]: LOAD [Success]: MODULE_PATH:etpkcs11.dll Loaded: (pkcs11) pkcs11 engine OpenSSL> engine pkcs11 -pre PIN:123456 -pre VERBOSE (pkcs11) pkcs11 engine [Success]: PIN:123456 [Success]: VERBOSE OpenSSL> req -engine pkcs11 -new -key id_39453945373335312d333545442d343031612d384637302d3238463636393036363042303a30 -k eyform engine -text -config openssl.cnf initializing engine engine \"pkcs11\" set. Found 2 slots [0] AKS ifdh 0 uninitialized, login (eToken) [1] AKS ifdh 1 no tok Found uninitialized token; PKCS11_get_private_key returned NULL unable to load Private Key 2676:error:26096080:engine routines:ENGINE_load_private_key:failed loading private key:.\\\\\\\\crypto\\\\\\\\engine\\\\\\\\eng_pkey.c:117: error in req With an other token initialized using opensc, on windows and using the default pkcs11 (engine+dll) everything seems to work: C:\\\\\\\\tools\\\\\\\\opensc>pkcs11-tool.exe --pin 123456 -O -v Private Key Object; RSA 1024 bits label: Private Key ID: 45 Usage: sign Certificate Object, type = X.509 cert label: Certificate ID: 45 Public Key Object; RSA 1024 bits label: Certificate ID: 45 Usage: encrypt, verify C:\\\\\\\\tools\\\\\\\\opensc>openssl OpenSSL> engine dynamic -pre SO_PATH:engine_pkcs11 -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:opensc-pkcs11.dll (dynamic) Dynamic engine loading support [Success]: SO_PATH:engine_pkcs11 [Success]: ID:pkcs11 [Success]: LIST_ADD:1 [Success]: LOAD [Success]: MODULE_PATH:opensc-pkcs11.dll Loaded: (pkcs11) pkcs11 engine OpenSSL> engine pkcs11 -pre PIN:123456 -pre VERBOSE (pkcs11) pkcs11 engine [Success]: PIN:123456 [Success]: VERBOSE OpenSSL> req -engine pkcs11 -new -key id_45 -keyform engine -text -config openssl.cnf initializing engine engine \"pkcs11\" set. Found 8 slots [0] AKS ifdh 0 login (OpenSC Card (Marc Jadoul (signin) [1] AKS ifdh 0 (OpenSC Card) [2] AKS ifdh 0 no pin (OpenSC Card) [3] AKS ifdh 0 no pin (OpenSC Card) [4] AKS ifdh 1 no tok [5] AKS ifdh 1 no tok [6] AKS ifdh 1 no tok [7] AKS ifdh 1 no tok Found slot: AKS ifdh 0 Found token: OpenSC Card (Marc Jadoul (signin Found 1 certificate: 1 Certificate (/C=BE/L=Bruxelles/O=Certipost/OU=E-Trust/OU=NA/OU=NA/CN=Marc Jadoul (Signing)) Found 1 key: 1 P Private Key ID = 45 Certificate Request: Data: Version: 0 (0x0) Subject: C=GB, L=Test Locality, O=Organization Name, OU=Organizational Unit Name, CN=Common Name/emailAddress=te st at email.address Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:ba:b3:b1:fb:c0:77:23:0e:62:28:6c:b9:ad:f6: 23:08:ac:7e:f6:83:3c:65:b1:a7:86:f1:74:92:51: ba:ff:29:91:c4:3d:45:e8:a1:45:c6:a3:ec:d0:86: 79:6f:26:8a:6d:58:41:d5:56:6b:fa:5d:cf:ab:bf: bb:8c:5b:6d:42:39:4a:40:3f:61:d2:7b:4f:63:2e: 56:b7:be:29:b0:a7:df:e7:3c:4c:3e:ee:3a:de:bb: bd:0c:60:d8:41:fd:37:b3:f7:1e:0d:85:2f:57:bc: 22:bd:38:db:f2:1c:e9:97:b5:9f:7c:ac:f7:20:f1: aa:8b:06:79:f9:5f:b0:72:1b Exponent: 2593935281 (0x9a9c4fb1) Attributes: challengePassword :A challenge password Signature Algorithm: md5WithRSAEncryption ba:14:5b:d0:8e:90:af:68:cc:e3:36:98:16:ae:d9:75:df:95: 7a:f8:e4:c1:d2:f8:96:ec:15:64:2c:55:0b:c3:c2:0c:40:d5: d6:f3:21:f7:dc:72:6e:41:9e:ae:f8:5d:17:c9:6b:92:af:bd: ba:7e:bb:f5:42:9b:35:7a:49:f4:2b:87:92:fb:55:c8:ec:35: 2a:5f:97:91:82:c7:43:d5:0e:09:da:dc:ce:b8:d6:1c:07:e1: 54:90:71:4a:ff:e8:bb:e9:65:c5:fd:ff:62:b6:05:fb:91:64: 4a:e5:2c:28:c7:d0:49:b6:91:15:ac:0e:d3:0a:b0:27:b4:1a: be:1a -----BEGIN CERTIFICATE REQUEST----- MIICBTCCAW4CAQAwgZ0xCzAJBgNVBAYTAkdCMRYwFAYDVQQHEw1UZXN0IExvY2Fs aXR5MRowGAYDVQQKExFPcmdhbml6YXRpb24gTmFtZTEhMB8GA1UECxMYT3JnYW5p emF0aW9uYWwgVW5pdCBOYW1lMRQwEgYDVQQDEwtDb21tb24gTmFtZTEhMB8GCSqG SIb3DQEJARYSdGVzdEBlbWFpbC5hZGRyZXNzMIGhMA0GCSqGSIb3DQEBAQUAA4GP ADCBiwKBgQC6s7H7wHcjDmIobLmt9iMIrH72gzxlsaeG8XSSUbr/KZHEPUXooUXG o+zQhnlvJoptWEHVVmv6Xc+rv7uMW21COUpAP2HSe09jLla3vimwp9/nPEw+7jre u70MYNhB/Tez9x4NhS9XvCK9ONvyHOmXtZ98rPcg8aqLBnn5X7ByGwIFAJqcT7Gg JTAjBgkqhkiG9w0BCQcxFhMUQSBjaGFsbGVuZ2UgcGFzc3dvcmQwDQYJKoZIhvcN AQEEBQADgYEAuhRb0I6Qr2jM4zaYFq7Zdd+VevjkwdL4luwVZCxVC8PCDEDV1vMh 99xybkGervhdF8lrkq+9un679UKbNXpJ9CuHkvtVyOw1Kl+XkYLHQ9UOCdrczrjW HAfhVJBxSv/ou+llxf3/YrYF+5FkSuUsKMfQSbaRFawO0wqwJ7Qavho= -----END CERTIFICATE REQUEST----- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.opensc-project.org/pipermail/opensc-devel/attachments/20041021/7cde71ba/attachment.htm
- Previous message: [OpenSC-devel] A trivial patch against openct-CVS
- Next message: [OpenSC-devel] openssl PKCS11 engine + eTpkcs11.dll on windows ?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the opensc-devel mailing list
此原文 http://www.opensc-project.org/pipermail/opensc-devel/2004-October/004768.html
我把etpkcs11.dll替换成飞天ePass3000ND的ngp11v211.dll,果然好使。飞天的接口还是做的不错的,比海泰强。
有opensc的openssl引擎engine_pkcs11这碗酒垫底,以后什么酒(接任意pkcs11卡或key)都能对付!