I am running OpenSUSE LEAP15.1, and when I try to use a Nitrokey USB HSM I see the following:
engine "pkcs11" set.
Unable to load module (null)
Unable to load module (null)
PKCS11_get_private_key returned NULL
cannot load CA private key from engine
140396815820608:error:81065401:libp11:pkcs11_CTX_load:Unable to load PKCS#11 module:p11_load.c:77:
140396815820608:error:26096080:engine routines:ENGINE_load_private_key:failed loading private key:crypto/engine/eng_pkey.c:78:
unable to load CA private key
unable to load certificates
However, PKCS is valid:
pkcs11-tool --test
Using slot 0 with a present token (0x0)
C_SeedRandom() and C_GenerateRandom():
seeding (C_SeedRandom) not supported
seems to be OK
Digests:
all 4 digest functions seem to work
MD5: OK
SHA-1: OK
RIPEMD160: OK
Signature: not a R/W session, skipping signature tests
Verify: not a R/W session, skipping verify tests
Key unwrap: not a R/W session, skipping key unwrap tests
Decryption: not a R/W session, skipping decryption tests
No errors
pkcs15-tool -D
Using reader with a card: Nitrokey Nitrokey HSM (DENK99999999 ) 00 00
PKCS#15 Card [SmartCard-HSM]:
Version : 0
Serial number : DENK999999
Manufacturer ID: www.CardContact.de
Flags :
PIN [UserPIN]
etc.
etc.
etc.
The packages libpkcs11-helper1, openssl-ibmpkcs11, pkcs11-helper and openssl-engine-libp11 are installed, and the openssl.conf file has the correct settings:
[openssl_def]
engines = engine_section
[engine_section]
pkcs11 = pkcs11_section
[pkcs11_section]
#engine_id = pkcs11 #Note: I have tried both with and without this setting
dynamic_path= /usr/lib64/engines-1.1/pkcs11.so
MODULE_PATH = /usr/lib64/opensc-pkcs11.so
#init = 0 #Note: I have tried both with and without this setting
I have verified that the following files exist:
> ls /usr/lib64/engines-1.1/pkcs11.so
/usr/lib64/engines-1.1/pkcs11.so
> ls /usr/lib64/opensc-pkcs11.so
/usr/lib64/opensc-pkcs11.so