Cannot specify private key ID inside PKCS#11 URI, key not found #1429
Comments
https://tools.ietf.org/html/rfc7512 says: in "3. Examples of PKCS #11 URIs": try
Aaaaaaaaaaaaaaah! You're brilliant! Thank you so much, I completely missed that. Works perfectly. Thank you again so much and have a great weekend :-) All the best, Joe
Hi there. I'm using OpenSC 0.17.0-3 and OpenSSL 1.1.0g-2ubuntu4.1 on Ubuntu Mate 18.04 x86_64 and use it with a NitroKey HSM for signing. It works nicely as long as I specify my key IDs in the legacy "slot:id" format, e.g.:
The OpenSSL config is very unspectacular:
It also works perfectly when specifying a PKCS#11 URI and a key label, i.e.:
However, when I try to specify the key by its key ID (01) using a PKCS#11 URI, it fails:
Using OPENSC_DEBUG=3, I have created two logs:
Then diffed them. Disregarding timestamps and pointer values, the relevant difference appears ~30 lines after the 11-byte APDU is sent to the device containing my PIN (no worries, I will change it).
Log when everything works (legacy "-key 0:1"): https://gist.github.com/johndoe31415/d0473110d44c036cd014392282583cb1
Log when it can't find the key (-key pkcs11:id=1): https://gist.github.com/johndoe31415/9b7f3cf742a1e5f58a8b581c7b258d05
Not sure if I'm doing something wrong here. Tried to specify id=01, id=1, id=id_01 on the command line as well, but neither worked.
Thanks for looking at this.
All the best,
Joe
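Added example, not part of the original thread and not OpenSC or libp11 code: RFC 7512 treats the `id` attribute value as raw bytes, where an unescaped character stands for its own ASCII byte and anything else is written as a `%XX` escape. The sketch below decodes the URI forms tried above and compares them with the key's CKA_ID, assuming that "key ID (01)" means the single byte 0x01; the function names are hypothetical.

```python
import re
from urllib.parse import unquote_to_bytes

# Path attribute value per RFC 7512: unreserved chars, a small set of
# reserved chars allowed unescaped, or %XX percent-escapes.
_VALUE_RE = re.compile(r"(?:[A-Za-z0-9\-._~:\[\]@!$'()*+,=&]|%[0-9A-Fa-f]{2})*")

def parse_pkcs11_uri(uri):
    """Return the path attributes of a pkcs11: URI; 'id' is kept as raw bytes."""
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme != "pkcs11":
        raise ValueError("not a pkcs11: URI")
    path = rest.partition("?")[0]  # query attributes (pin-source etc.) are ignored here
    attrs = {}
    for item in filter(None, path.split(";")):
        name, eq, value = item.partition("=")
        if not eq or name in attrs or not _VALUE_RE.fullmatch(value):
            raise ValueError("malformed or duplicate attribute: %r" % item)
        raw = unquote_to_bytes(value)
        # 'id' is arbitrary binary data; the other attributes are UTF-8 text.
        attrs[name] = raw if name == "id" else raw.decode("utf-8")
    return attrs

def encode_id(cka_id):
    """Percent-encode every byte of a CKA_ID, as the RFC recommends for 'id'."""
    return "id=" + "".join("%%%02X" % b for b in cka_id)

def explain(uri, cka_id):
    """Show which bytes a URI's 'id' decodes to and whether they equal cka_id."""
    got = parse_pkcs11_uri(uri).get("id")
    return {"uri": uri,
            "id_bytes": None if got is None else got.hex(),
            "matches": got == cka_id}

if __name__ == "__main__":
    CKA_ID = b"\x01"  # assumption: the key's ID attribute is the single byte 0x01
    # URI forms taken from the report above, plus the fully percent-encoded form.
    for uri in ("pkcs11:id=1", "pkcs11:id=01", "pkcs11:id=id_01",
                "pkcs11:" + encode_id(CKA_ID)):
        print(explain(uri, CKA_ID))
```
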