ED25519 key with openssl engine


OpenSSL - User mailing list

I get the following error when I try to access the ed25519 key stored in SoftHSM via the openssl engine interface using engine_pkcs11.

 

[]:~$ openssl pkey -in "pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6a160d52b750862f;token=token%202.5.0-rc1;id=%22%22;object=ed25519%20leaf%20key;type=private" -inform ENGINE -engine pkcs11 -text
engine "pkcs11" set.
Enter PKCS#11 token PIN for token 2.5.0-rc1:
Key not found.
PKCS11_get_private_key returned NULL
cannot load key from engine
140736065815424:error:80067065:pkcs11 engine:ctx_load_privkey:object not found:eng_back.c:862:
140736065815424:error:26096080:engine routines:ENGINE_load_private_key:failed loading private key:crypto/engine/eng_pkey.c:78:
unable to load key

The openssl version used above is 1.1.1, which supports the ed25519 keys. The softhsm is v2.5.0-rc1, which also supports the ed25519 keys.

-- 

Paras


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
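
Added example, not part of the original post and not code from OpenSSL or the pkcs11 engine: a small RFC 7512 parser that percent-decodes the attributes of the `pkcs11:` URI from the command above, so each value can be compared with what the token reports for the key. The names `parse_pkcs11_uri` and `describe` are hypothetical; only path attributes and the optional query part are handled.

```python
from urllib.parse import unquote_to_bytes

# URI copied from the command in the post above.
URI = ("pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;"
       "serial=6a160d52b750862f;token=token%202.5.0-rc1;id=%22%22;"
       "object=ed25519%20leaf%20key;type=private")


def parse_pkcs11_uri(uri):
    """Hypothetical helper: return (path_attrs, query_attrs) of an RFC 7512 URI.

    "id" maps to CKA_ID and is kept as raw bytes; other values are UTF-8 text.
    """
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme != "pkcs11":
        raise ValueError("not a pkcs11: URI")
    path, _, query = rest.partition("?")
    attrs = {}
    for part in filter(None, path.split(";")):
        name, eq, value = part.partition("=")
        if not eq:
            raise ValueError(f"attribute without '=': {part!r}")
        if name in attrs:
            raise ValueError(f"duplicate path attribute: {name!r}")
        raw = unquote_to_bytes(value)
        attrs[name] = raw if name == "id" else raw.decode("utf-8")
    qattrs = {}
    for part in filter(None, query.split("&")):
        name, _, value = part.partition("=")
        qattrs[name] = unquote_to_bytes(value).decode("utf-8")
    return attrs, qattrs


def describe(uri):
    """One line per path attribute, with the CKA_ID bytes shown as hex."""
    attrs, _ = parse_pkcs11_uri(uri)
    lines = []
    for name, value in attrs.items():
        shown = "hex " + value.hex() if isinstance(value, bytes) else value
        lines.append(f"{name} = {shown}")
    return lines


if __name__ == "__main__":
    print("\n".join(describe(URI)))
```

For the URI in the post, `id` decodes to the two bytes 0x22 0x22 (a pair of literal double-quote characters) and `object` to the label `ed25519 leaf key`; these are the CKA_ID and label values the URI names.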

Re: ED25519 key with openssl engine

Matt Caswell-2
Perhaps the pkcs11 engine does not support ed25519 keys?

Matt

On 17/09/18 22:05, Paras Shah (parashah) via openssl-users wrote:

> I get the following error when I try to access the ed25519 key stored in
> SoftHSM via the openssl engine interface using engine_pkcs11.
>
> []:~$ openssl pkey -in "pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6a160d52b750862f;token=token%202.5.0-rc1;id=%22%22;object=ed25519%20leaf%20key;type=private" -inform ENGINE -engine pkcs11 -text
> engine "pkcs11" set.
> Enter PKCS#11 token PIN for token 2.5.0-rc1:
> Key not found.
> PKCS11_get_private_key returned NULL
> cannot load key from engine
> 140736065815424:error:80067065:pkcs11 engine:ctx_load_privkey:object not found:eng_back.c:862:
> 140736065815424:error:26096080:engine routines:ENGINE_load_private_key:failed loading private key:crypto/engine/eng_pkey.c:78:
> unable to load key
>
> The openssl version used above is 1.1.1, which supports the ed25519
> keys. The softhsm is v2.5.0-rc1, which also supports the ed25519 keys.
>
> --
> Paras

Re: ED25519 key with openssl engine

OpenSSL - User mailing list
I had the same doubt. I have x-posed this question on the opensc mailing list as well.

On 9/17/18, 3:37 PM, "openssl-users on behalf of Matt Caswell" <[hidden email] on behalf of [hidden email]> wrote:

    Perhaps the pkcs11 engine does not support ed25519 keys?
   
    Matt
   