Hello,
I managed to get my Cryptoflex running with OpenCT +
OpenSC.
The engine_pkcs11 for OpenSSL works, too.
openssl req -config openssl.conf -engine pkcs11 -new -key
id_45
-keyform engine -out req.pem -text -x509
(together with the default config file from the docs)
Now on the smartcard there is a keypair and I would like to
sign a CSR
with it. But when I use ca instead of req in OpenSSL it
complains
about the format:
openssl ca -verbose -engine pkcs11 -keyform engine -key
id_45 -days 1000
-out $1.crt -in $1.csr -config openssl.conf
says
engine "pkcs11" set.
format not recognized!
supported formats: <id>, <slot>:<id>,
id_<id>, slot_<slot>-id_<id>,
label_<label>, slot_<slot>-label_<label>
where <slot> is the slot number as normal integer,
and <id> is the id number as hex string.
and <label> is the textual key label string.
PKCS11_get_private_key returned NULL
unable to load CA private key
I would be glad if someone could tell me, what is wrong.
Greetings,
Martin
_______________________________________________
opensc-user mailing list
opensc-user lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-
user
|