PKCS#11 engine does not work in openssl on centos 6


Problem description

I want to add a PKCS#11 engine to OpenSSL and I use CentOS 6.2. I actually load the engine with no problem, as you can see below:

[root@localhost 05:06:18  openssl-1.0.1e]$ openssl engine -t dynamic -pre SO_PATH:/usr/lib/openssl/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/local/lib/libsst.so
(dynamic) Dynamic engine loading support
[Success]: SO_PATH:/usr/lib/openssl/engines/engine_pkcs11.so
[Success]: ID:pkcs11
[Success]: LIST_ADD:1
[Success]: LOAD
[Success]: MODULE_PATH:/usr/local/lib/libsst.so
Loaded: (pkcs11) pkcs11 engine
    [ available ]

But when I use the OpenSSL option to see the loaded engine, the pkcs11 engine isn't in the list:

[root@localhost 05:19:58  openssl-1.0.1e]$ openssl engine -v -t 
(aesni) Intel AES-NI engine (no-aesni)
     [ available ]
(dynamic) Dynamic engine loading support
     [ unavailable ]
     SO_PATH, NO_VCHECK, ID, LIST_ADD, DIR_LOAD, DIR_ADD, LOAD

And when I want to use the engine, I see this error:

[root@localhost 05:20:04  openssl-1.0.1e]$ openssl genrsa -engine pkcs11 -out priv.key 1024
invalid engine "pkcs11"
3078776556:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:185:filename(/usr/lib/openssl/engines/libpkcs11.so):   /usr/lib/openssl/engines/libpkcs11.so: cannot open shared object file: No such file or   directory
3078776556:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244:
3078776556:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:450:
3078776556:error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:417:id=pkcs11
3078776556:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:185:filename(libpkcs11.so): libpkcs11.so: cannot open shared object file: No such file or directory
3078776556:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244:
3078776556:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:450:
Generating RSA private key, 1024 bit long modulus
.......++++++
.......++++++
e is 65537 (0x10001)

I can't figure out what the problem could be...

Recommended answer

This problem is because OpenSSL loads the library just one time and after that it does not keep the state, so if we want to keep the state we must use the following commands:

[root@localhost 04:58:25  home]$ openssl
OpenSSL> engine -t dynamic -pre SO_PATH:/usr/lib/openssl/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/local/lib/libsst.so
 (dynamic) Dynamic engine loading support
 [Success]: SO_PATH:/usr/lib/openssl/engines/engine_pkcs11.so
 [Success]: ID:pkcs11
 [Success]: LIST_ADD:1
 [Success]: LOAD
 [Success]: MODULE_PATH:/usr/local/lib/libsst.so
 Loaded: (pkcs11) pkcs11 engine
      [ available ]
OpenSSL> engine
 (aesni) Intel AES-NI engine (no-aesni)
 (dynamic) Dynamic engine loading support
 (pkcs11) pkcs11 engine
OpenSSL> 
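
An alternative to keeping one interactive session open, shown here as an added example that is not part of the original answer: register the engine in the OpenSSL configuration file so that every new `openssl` process loads it at startup. The two paths are the ones used on this page; the section names (`openssl_init`, `engine_section`, `pkcs11_section`) are arbitrary labels chosen for this example.

```ini
# Added example, not from the original post.
# Put this line at the very top of openssl.cnf, before any [section] header.
openssl_conf = openssl_init

[openssl_init]
# Points to the section that lists the engines to load.
engines = engine_section

[engine_section]
# Left side is a free-form label; right side names the engine's own section.
pkcs11 = pkcs11_section

[pkcs11_section]
# Same values that were passed with -pre on the command line in the question.
engine_id = pkcs11
dynamic_path = /usr/lib/openssl/engines/engine_pkcs11.so
MODULE_PATH = /usr/local/lib/libsst.so
# Defer initialisation of the PKCS#11 module until the engine is first used.
init = 0
```

With this in the configuration file the process reads (the default one, or the file named by the `OPENSSL_CONF` environment variable), `openssl engine -t pkcs11` run as a separate command should report the engine as available. The directives mirror the `-pre` controls from the question, so a wrong `dynamic_path` or `MODULE_PATH` fails in the same way as it would there.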
