[Opensc-devel] OpenSSL pkcs11 engine + etpkcs11.dll on windows?

[Opensc-devel] OpenSSL pkcs11 engine + etpkcs11.dll on windows?

Opensc_alias at swing. beOpensc_alias at swing. be
Thu Oct 21 15:03:30 UTC 2004

• Previous message: [opensc-devel] a trivial patch against openct-CVS
• Next message: [opensc-devel] OpenSSL pkcs11 engine + etpkcs11.dll on windows?
• Messages sorted:[Date] [thread] [subject] [author]

Hello, First: I am a brand new user of opensc, and English is not my native language…. I have been trying to use etoken PRO with openssl on Linux and Windows.The Linux implementation using the openssl+engine_opensc.so seems to work for me, knowing that I initialize the token using opensc.But we are shipping these token to clients that use it in windows. These token have been initialized using Official PKCS11 from Alladin (eTpkcs11.dll), wich does not seems to play well with opensc.I did try to use the etpkcs11.dll of Alladin with the statically linked version of opensc on windows (win32bin_stat_18_10_2004.zip), but get several errors, both with pkcs11-tool or with engine_pkcs11.dll.The same eToken seems to work correctly in Firefox after registering eTpkcs11.dll and using a the token initialized with opensc and opensc-pkcs11.dll it work too. Is this a known problem (I guess yes ;-/)  and is someone able to provide a fast solution? (free or not ;-) C:\\\\\\\\tools\\\\\\\\opensc>pkcs11-tool.exe --module etpkcs11.dll --pin 123456 -O -vCertificate Object, type = X.509 cert  label:      Unlabeled  ID:         39453945373335312d333545442d343031612d384637302d3238463636393036363042303a30Public Key Object; RSA 1024 bits  label:      eTCAPI public key  ID:         39453945373335312d333545442d343031612d384637302d3238463636393036363042303a30  Usage:      encrypterror: PKCS11 function C_GetAttributeValue(DECRYPT) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12) Aborting. C:\\\\\\\\tools\\\\\\\\opensc>opensslOpenSSL> engine dynamic -pre SO_PATH:engine_pkcs11 -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:etpkcs11.dll(dynamic) Dynamic engine loading support[Success]: SO_PATH:engine_pkcs11[Success]: ID:pkcs11[Success]: LIST_ADD:1[Success]: LOAD[Success]: MODULE_PATH:etpkcs11.dllLoaded: (pkcs11) pkcs11 engineOpenSSL> engine pkcs11 -pre PIN:123456 -pre VERBOSE(pkcs11) pkcs11 engine[Success]: PIN:123456[Success]: VERBOSEOpenSSL> req -engine pkcs11 -new -key id_39453945373335312d333545442d343031612d384637302d3238463636393036363042303a30 -keyform engine -text -config openssl.cnfinitializing engineengine \"pkcs11\" set.Found 2 slots[0] AKS ifdh 0                 uninitialized, login  (eToken)[1] AKS ifdh 1                 no tokFound uninitialized token;PKCS11_get_private_key returned NULLunable to load Private Key2676:error:26096080:engine routines:ENGINE_load_private_key:failed loading private key:.\\\\\\\\crypto\\\\\\\\engine\\\\\\\\eng_pkey.c:117:error in req With an other token initialized using opensc, on windows and using the default pkcs11 (engine+dll) everything seems to work: C:\\\\\\\\tools\\\\\\\\opensc>pkcs11-tool.exe --pin 123456 -O -vPrivate Key Object; RSA 1024 bits  label:      Private Key  ID:         45  Usage:      signCertificate Object, type = X.509 cert  label:      Certificate  ID:         45Public Key Object; RSA 1024 bits  label:      Certificate  ID:         45  Usage:      encrypt, verify C:\\\\\\\\tools\\\\\\\\opensc>opensslOpenSSL> engine dynamic -pre SO_PATH:engine_pkcs11 -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:opensc-pkcs11.dll(dynamic) Dynamic engine loading support[Success]: SO_PATH:engine_pkcs11[Success]: ID:pkcs11[Success]: LIST_ADD:1[Success]: LOAD[Success]: MODULE_PATH:opensc-pkcs11.dllLoaded: (pkcs11) pkcs11 engineOpenSSL> engine pkcs11 -pre PIN:123456 -pre VERBOSE(pkcs11) pkcs11 engine[Success]: PIN:123456[Success]: VERBOSEOpenSSL> req -engine pkcs11 -new -key id_45 -keyform engine -text -config openssl.cnfinitializing engineengine \"pkcs11\" set.Found 8 slots[0] AKS ifdh 0                 login             (OpenSC Card (Marc Jadoul (signin)[1] AKS ifdh 0                                   (OpenSC Card)[2] AKS ifdh 0                 no pin            (OpenSC Card)[3] AKS ifdh 0                 no pin            (OpenSC Card)[4] AKS ifdh 1                 no tok[5] AKS ifdh 1                 no tok[6] AKS ifdh 1                 no tok[7] AKS ifdh 1                 no tokFound slot:  AKS ifdh 0Found token: OpenSC Card (Marc Jadoul (signinFound 1 certificate:   1    Certificate (/C=BE/L=Bruxelles/O=Certipost/OU=E-Trust/OU=NA/OU=NA/CN=Marc Jadoul (Signing))Found 1 key:   1 P  Private Key        ID = 45Certificate Request:    Data:        Version: 0 (0x0)        Subject: C=GB, L=Test Locality, O=Organization Name, OU=Organizational Unit Name, CN=Common Name/emailAddress=test at email.address        Subject Public Key Info:            Public Key Algorithm: rsaEncryption            RSA Public Key: (1024 bit)                Modulus (1024 bit):                    00:ba:b3:b1:fb:c0:77:23:0e:62:28:6c:b9:ad:f6:                    23:08:ac:7e:f6:83:3c:65:b1:a7:86:f1:74:92:51:                    ba:ff:29:91:c4:3d:45:e8:a1:45:c6:a3:ec:d0:86:                    79:6f:26:8a:6d:58:41:d5:56:6b:fa:5d:cf:ab:bf:                    bb:8c:5b:6d:42:39:4a:40:3f:61:d2:7b:4f:63:2e:                    56:b7:be:29:b0:a7:df:e7:3c:4c:3e:ee:3a:de:bb:                    bd:0c:60:d8:41:fd:37:b3:f7:1e:0d:85:2f:57:bc:                    22:bd:38:db:f2:1c:e9:97:b5:9f:7c:ac:f7:20:f1:                    aa:8b:06:79:f9:5f:b0:72:1b                Exponent: 2593935281 (0x9a9c4fb1)        Attributes:            challengePassword        :A challenge password    Signature Algorithm: md5WithRSAEncryption        ba:14:5b:d0:8e:90:af:68:cc:e3:36:98:16:ae:d9:75:df:95:        7a:f8:e4:c1:d2:f8:96:ec:15:64:2c:55:0b:c3:c2:0c:40:d5:        d6:f3:21:f7:dc:72:6e:41:9e:ae:f8:5d:17:c9:6b:92:af:bd:        ba:7e:bb:f5:42:9b:35:7a:49:f4:2b:87:92:fb:55:c8:ec:35:        2a:5f:97:91:82:c7:43:d5:0e:09:da:dc:ce:b8:d6:1c:07:e1:        54:90:71:4a:ff:e8:bb:e9:65:c5:fd:ff:62:b6:05:fb:91:64:        4a:e5:2c:28:c7:d0:49:b6:91:15:ac:0e:d3:0a:b0:27:b4:1a:        be:1a-----BEGIN CERTIFICATE REQUEST-----MIICBTCCAW4CAQAwgZ0xCzAJBgNVBAYTAkdCMRYwFAYDVQQHEw1UZXN0IExvY2FsaXR5MRowGAYDVQQKExFPcmdhbml6YXRpb24gTmFtZTEhMB8GA1UECxMYT3JnYW5pemF0aW9uYWwgVW5pdCBOYW1lMRQwEgYDVQQDEwtDb21tb24gTmFtZTEhMB8GCSqGSIb3DQEJARYSdGVzdEBlbWFpbC5hZGRyZXNzMIGhMA0GCSqGSIb3DQEBAQUAA4GPADCBiwKBgQC6s7H7wHcjDmIobLmt9iMIrH72gzxlsaeG8XSSUbr/KZHEPUXooUXGo+zQhnlvJoptWEHVVmv6Xc+rv7uMW21COUpAP2HSe09jLla3vimwp9/nPEw+7jreu70MYNhB/Tez9x4NhS9XvCK9ONvyHOmXtZ98rPcg8aqLBnn5X7ByGwIFAJqcT7GgJTAjBgkqhkiG9w0BCQcxFhMUQSBjaGFsbGVuZ2UgcGFzc3dvcmQwDQYJKoZIhvcNAQEEBQADgYEAuhRb0I6Qr2jM4zaYFq7Zdd+VevjkwdL4luwVZCxVC8PCDEDV1vMh99xybkGervhdF8lrkq+9un679UKbNXpJ9CuHkvtVyOw1Kl+XkYLHQ9UOCdrczrjWHAfhVJBxSv/ou+llxf3/YrYF+5FkSuUsKMfQSbaRFawO0wqwJ7Qavho=-----END CERTIFICATE REQUEST------------------- next part --------------An HTML attachment was scrubbed...URL: http://www.opensc-project.org/pipermail/opensc-devel/attachments/20041021/7cde71ba/attachment.htm 

• Previous message: [opensc-devel] a trivial patch against openct-CVS
• Next message: [opensc-devel] OpenSSL pkcs11 engine + etpkcs11.dll on windows?
• Messages sorted:[Date] [thread] [subject] [author]

More information about the opensc-devel mailing list

Original article http://www.opensc-project.org/pipermail/opensc-devel/2004-October/004768.html

I replaced etpkcs11.dll with ngp11v211. dll of Apsara epass3000nd. The Apsara interface is better than Haitai.
The OpenSSL engine engine_pkcs11 with opensc can be used to handle any liquor in the future (with any pkcs11 card or key!