Hi,
I am using Nitrokey HSM2. I installed OpenSC 0.19.0, OpenSSL 1.1.1c and libp11 from git. I initialized the Nitrokey HSM2. Result of the pkcs11-tool:
Slot 0 (0x0): Nitrokey Nitrokey HSM (010000000000000000000000) 00 00
token label : UserPIN (PES-HSM-test)
token manufacturer : www.CardContact.de
token model : PKCS#15 emulated
token flags : login required, rng, token initialized, PIN initialized
hardware version : 24.13
firmware version : 3.2
serial num : DENK0102473
pin min/max : 6/15
Now I am trying to create CSR (certificate signing request), with OpenSSL. Command:
OPENSSL_CONF=hsm.conf openssl req -new -keyform engine -engine pkcs11 -x509 -subj "/CN=Test" -out cert.pem -key id_10
hsm.conf:
openssl_conf = openssl_def
[openssl_def]
engines = engine_section
[req]
distinguished_name = req_distinguished_name
[req_distinguished_name]
# empty.
[engine_section]
pkcs11 = pkcs11_section
[pkcs11_section]
engine_id = pkcs11
dynamic_path = /usr/lib/x86_64-linux-gnu/engines-1.1/libpkcs11.so
MODULE_PATH = /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
PIN = 123456
init = 0
Problem is, that I am getting error like this:
139816463811648:error:8207A054:PKCS#11 module:pkcs11_private_encrypt:Function not supported:p11_rsa.c:120:
139816463811648:error:0D0DC006:asn1 encoding routines:ASN1_item_sign_ctx:EVP lib:crypto/asn1/a_sign.c:224:
Thanks for any idea.
Tomas Klein