Testing Libp11, engine and OpenSC with OpenSSL-1.1-pre2

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Testing Libp11, engine and OpenSC with OpenSSL-1.1-pre2

Douglas E Engert
If anyone wants to do any testing of opensc libp11 and engine with OpenSSL-1.1  the patches applied to libp11 for use with OpenSSL-1.1 are based on the tag-OpenSSL_1_1_0-pre2.
  OpenSSL developers are  continuing to update the github version which introduces new issues.  (I am trying to follow them.)

There is still https://github.com/OpenSC/engine_pkcs11/pull/39
that adds the engine side of the patch.

$ /opt/smartcard/bin/openssl version
OpenSSL 1.1.0-pre2 (alpha) 14 Jan 2016


To test the engine with ECDH, I have been using PIV cards that have a key management cert and key.

To encrypt a message, $2 is the key management certificate of the recipient of the message.

No  card is need to send.  The sender's key is not used here because the method  cms uses only requires the recipient's certificate.
echo "Hello World!" > /tmp/ml.txt
openssl cms -encrypt -out  /tmp/cms.encrypted.mail.msg -from [hidden email] -to [hidden email] -aes256 -in /tmp/ml.txt $2


Then to use the recipient's card and key management key:

# write out the recipient's cert from the card.
pkcs15-tool -r 03 > /tmp/mycert.pem
myeckey="slot_01-id_03"

openssl cms -decrypt -out  /tmp/cms.decrypted.mail.msg -engine pkcs11 -inkey $myeckey -keyform e -recip /tmp/mycert.pem -in /tmp/cms.encrypted.mail.msg

The above should work with OpenSSL-1.1.0-pre2.
Attached are two patches to tag-OpenSSL_1_1_0-pre2 to get openssl cms and openssl req to sign a message using the engine.

https://github.com/OpenSC/engine_pkcs11/pull/39
src/engine_pkcs11.c has some code  to find the pkcs#11 module that needs to be looked at.-- Douglas E. Engert <[hidden email]>

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel

use.apps.with.smartcard.diff (1K) Download Attachment