pkcs11 engine private key loading

Pavel Löbl
I've already posted this to the opensc mailing list, but I'm not really sure
where the problem is, so I'll also try my luck here.

I'm writing an application which decrypts S/MIME messages using a smart
card. I used the source code of the openssl cms command as a reference.
I'm able to decrypt already; however, I face the following problem. When
the smart card is removed while my application is running,
ENGINE_load_private_key still returns a private key reference without
any problem, but a later call to CMS_decrypt fails. Similarly, when the
smart card is not present during the first call to
ENGINE_load_private_key, it will continue to fail even after the card is
inserted again. I've tried to call ENGINE_init before key loading and
ENGINE_finish and ENGINE_free after that, but it didn't help. The only
workaround I've found is to exit the process and start it again.

I would expect ENGINE_load_private_key to unlock the card if it is
present and is not unlocked already and fail if there is no card
inserted.

I'm not sure what is going on here. Maybe I just got the concept
wrong. I'm using Debian testing with opensc 0.18.0-3 and openssl
1.1.0h-4.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users