question on using engine_pkcs11 with openssl smime on command line

by Nilij

Hi, there,

  I know one can use the _interactive_ mode of openssl to first load the
pkcs11 engine, then run smime command. For example:

  root@localhost:~# openssl
  OpenSSL> engine -t dynamic -pre \
SO_PATH:/usr/local/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre \
LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/local/lib/opensc-pkcs11.so
  (dynamic) Dynamic engine loading support
    [Success]: SO_PATH:/usr/local/lib/engines/engine_pkcs11.so
    [Success]: ID:pkcs11
    [Success]: LIST_ADD:1
    [Success]: LOAD
    [Success]: MODULE_PATH:/usr/local/lib/opensc-pkcs11.so
    Loaded: (pkcs11) pkcs11 engine
        [ available ]
  OpenSSL> smime -sign -engine pkcs11 -in /tmp/MIME-FILE \
-out /tmp/CLEAR-SIGNED -signer my-certs/john_doe.crt

  But how do I do this in openssl _batch_ mode? If I run the above
commands as
  root@localhost:~# openssl engine -t dynamic ...
  root@localhost:~# openssl smime -engine pkcs11 ...
It doesn't work and it shouldn't work since there is no state saved from
the first command.

  I know I can use expect to pump commands in sequence, but there must
be an elegant way to do this on command line.

  Thanks in advance for the help.

_______________________________________________
opensc-user mailing list
opensc-user@...
http://www.opensc-project.org/mailman/listinfo/opensc-user

Re: question on using engine_pkcs11 with openssl smime on command line

by Nilij

Sorry for the silly question. Just realized that openssl takes commands
from stdin, so catting a file of commands (engine & smime) and piping it
to openssl can do it.

On Sat, 2009-10-24 at 20:05 -0400, Nilij wrote:

> Hi, there,
>
>   I know one can use the _interactive_ mode of openssl to first load the
> pkcs11 engine, then run smime command. For example:
>
>   root@localhost:~# openssl
>   OpenSSL> engine -t dynamic -pre \
> SO_PATH:/usr/local/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre \
> LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/local/lib/opensc-pkcs11.so
>   (dynamic) Dynamic engine loading support
>     [Success]: SO_PATH:/usr/local/lib/engines/engine_pkcs11.so
>     [Success]: ID:pkcs11
>     [Success]: LIST_ADD:1
>     [Success]: LOAD
>     [Success]: MODULE_PATH:/usr/local/lib/opensc-pkcs11.so
>     Loaded: (pkcs11) pkcs11 engine
>         [ available ]
>   OpenSSL> smime -sign -engine pkcs11 -in /tmp/MIME-FILE \
> -out /tmp/CLEAR-SIGNED -signer my-certs/john_doe.crt
>
>   But how do I do this in openssl _batch_ mode? If I run the above
> commands as
>   root@localhost:~# openssl engine -t dynamic ...
>   root@localhost:~# openssl smime -engine pkcs11 ...
> It doesn't work and it shouldn't work since there is no state saved from
> the first command.
>
>   I know I can use expect to pump commands in sequence, but there must
> be an elegant way to do this on command line.
>
>   Thanks in advance for the help.
>
> _______________________________________________
> opensc-user mailing list
> opensc-user@...
> http://www.opensc-project.org/mailman/listinfo/opensc-user


Re: question on using engine_pkcs11 with openssl smime on command line

by Andreas Jellinghaus-2

See the wiki: create a config file
that has the engine information.

Then you need only the openssl smime command
(and pass the extra parameter to the config
file, which gets processed first).

Regards, Andreas
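
The config-file approach from the last reply, as an added example that is not part of the thread or the wiki it mentions: the engine settings from the question's `engine -pre ...` line go into an OpenSSL config, and a single `openssl smime` invocation picks them up. Assumptions: the file is selected through the `OPENSSL_CONF` environment variable, the token key is chosen with `-keyform engine -inkey`, and the function names are hypothetical; the library paths are the ones quoted in the question.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Write an OpenSSL config that loads engine_pkcs11 at start-up.
#   $1 = config file to write, $2 = engine .so, $3 = PKCS#11 module .so
write_engine_conf() {
    # The config decides which shared objects openssl loads, so accept
    # absolute paths only and keep the file private to the caller.
    for so in "$2" "$3"; do
        case "$so" in
            /*) ;;
            *) echo "refusing non-absolute library path: $so" >&2; return 1 ;;
        esac
    done
    ( umask 077; cat > "$1" ) <<EOF
openssl_conf = openssl_def

[openssl_def]
engines = engine_section

[engine_section]
pkcs11 = pkcs11_section

[pkcs11_section]
engine_id = pkcs11
dynamic_path = $2
MODULE_PATH = $3
init = 0
EOF
}

# One batch invocation: the engine is loaded from the config, then smime runs.
#   $1 = config, $2 = input, $3 = output, $4 = signer cert, $5 = key id on token
# Assumption: -keyform engine / -inkey select the token key; the command in
# the question does not show how the key is chosen.
sign_with_token() {
    OPENSSL_CONF="$1" openssl smime -sign -engine pkcs11 \
        -keyform engine -inkey "$5" \
        -in "$2" -out "$3" -signer "$4"
}

# Run only when called with arguments, e.g.
#   sh sign.sh /tmp/MIME-FILE /tmp/CLEAR-SIGNED my-certs/john_doe.crt KEY_ID
if [ "$#" -eq 4 ]; then
    conf=$(mktemp) || exit 1
    write_engine_conf "$conf" /usr/local/lib/engines/engine_pkcs11.so \
        /usr/local/lib/opensc-pkcs11.so &&
        sign_with_token "$conf" "$1" "$2" "$3" "$4"
    rc=$?; rm -f "$conf"; exit "$rc"
fi
```

`KEY_ID` in the usage comment is a placeholder for the key identifier on the token.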