Testing Libp11, engine and OpenSC with OpenSSL-1.1-pre2
If anyone wants to do any testing of OpenSC, libp11 and engine with OpenSSL-1.1, the patches applied to libp11 for use with OpenSSL-1.1 are based on the tag OpenSSL_1_1_0-pre2.
OpenSSL developers are continuing to update the github version which introduces new issues. (I am trying to follow them.)
$ /opt/smartcard/bin/openssl version
OpenSSL 1.1.0-pre2 (alpha) 14 Jan 2016
To test the engine with ECDH, I have been using PIV cards that have a key management cert and key.
To encrypt a message, $2 is the key management certificate of the recipient of the message.
No card is needed to send. The sender's key is not used here because the method cms uses only requires the recipient's certificate.
echo "Hello World!" > /tmp/ml.txt
openssl cms -encrypt -out /tmp/cms.encrypted.mail.msg -from [hidden email] -to [hidden email] -aes256 -in /tmp/ml.txt $2
Then to use the recipient's card and key management key:
# write out the recipient's cert from the card.
pkcs15-tool -r 03 > /tmp/mycert.pem
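
A software-only round trip of the same cms ECDH path, useful for confirming the OpenSSL build before the card and engine are involved. This is an added example, not part of the original post: the P-256 key, the self-signed certificate, the subject name, the example.com addresses and the temporary file names are all constructed, and the private key sits in a file instead of on a PIV card.

```shell
#!/bin/sh
# Software-only round trip of the CMS ECDH path: no card and no engine.
# Key, certificate, subject name and addresses are constructed for the test.
cms_ecdh_roundtrip() {
    dir=$(mktemp -d) || return 1
    rc=0
    {
        # Stand-in for the recipient's key management key and certificate.
        openssl ecparam -name prime256v1 -genkey -noout -out "$dir/key.pem" &&
        openssl req -new -x509 -key "$dir/key.pem" -subj "/CN=Test Recipient" \
            -days 1 -out "$dir/cert.pem" &&
        echo "Hello World!" > "$dir/ml.txt" &&
        # Sender side: only the recipient's certificate is used.
        openssl cms -encrypt -out "$dir/cms.msg" -from sender@example.com \
            -to recipient@example.com -aes256 -in "$dir/ml.txt" "$dir/cert.pem" &&
        # Recipient side, with the private key in a file instead of on a card.
        openssl cms -decrypt -in "$dir/cms.msg" -recip "$dir/cert.pem" \
            -inkey "$dir/key.pem" -out "$dir/out.txt"
    } || rc=1
    # Print the recipientInfos choice to stderr; with an EC recipient the
    # message carries a key agreement (kari) entry rather than key transport.
    openssl cms -cmsout -print -noout -in "$dir/cms.msg" 2>/dev/null \
        | grep 'd\.k' >&2 || true
    # Text content may come back with CRLF line endings; strip CR before printing.
    if [ "$rc" -eq 0 ]; then
        tr -d '\r' < "$dir/out.txt"
    fi
    rm -rf "$dir"
    return "$rc"
}

cms_ecdh_roundtrip
```

If this round trip fails, the problem is in the OpenSSL build itself rather than in libp11, the engine or the card.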