You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am relatively newbie to these technologies and I am a bit lost about what to do with the error message I currently face.
To put things right, I have an embedded system running Linux 5.10 on which I try to communicate with the TPM2.0 chip (Infineon SLM9670). I have at disposal every tpm2 high-level libraries and it is working quite well (tpm2-tss, tpm2-abrmd, tmp2-tools, tpm2-openssl, tpm2-pkcs11).
The thing is, I now try to use OpenSSL 3.2.2 to sign a file with the rsa key I generated on the slot 1 of my PKCS11 implementation on the TPM2.0.
Here is the slot on which I generated my key:
# pkcs11-tool --module /usr/lib/libtpm2_pkcs11.so -L
Available slots:
Slot 0 (0x1): test token
token label :test token
token manufacturer : Infineon
token model : SLM9670
token flags : login required, rng, token initialized, PIN initialized
hardware version : 1.38
firmware version : 13.11
serial num : 0000000000000000
pin min/max : 0/128
Slot 1 (0x2):
token state: uninitialized
And the key itself:
# pkcs11-tool --module /usr/lib/libtpm2_pkcs11.so --slot=1 --login --pin=testuserpin --list-objects
Public Key Object; RSA 2048 bits
label: rsakey
Usage: encrypt, verify
Access: local
Private Key Object; RSA
label: rsakey
Usage: decrypt, sign
Access: sensitive, always sensitive, never extractable, local
Allowed mechanisms: RSA-X-509,RSA-PKCS-OAEP,RSA-PKCS,SHA1-RSA-PKCS,SHA256-RSA-PKCS,SHA384-RSA-PKCS,SHA512-RSA-PKCS,RSA-PKCS-PSS,SHA1-RSA-PKCS-PSS,SHA256-RSA-PKCS-PSS,SHA384-RSA-PKCS-PSS,SHA512-RSA-PKCS-PSS
Now, I am trying to sign a certificate using OpenSSL and the private key from the PKCS11 implementation on the TPM using the following command:
When I enter the command, it is said that openssl cannot find any private key to use:
Could not open file or uri for loading private key from pkcs11:token=test token;slot-id=1;type=private;object=rsakey;pin-value=testuserpin
0023F1B6:error:80000002:system library:file_open:No such file or directory:providers/implementations/storemgmt/file_store.c:263:calling stat(pkcs11:token=test token;slot-id=1;type=private;object=rsakey;pin-value=testuserpin)
0023F1B6:error:1608010C:STORE routines:inner_loader_fetch:unsupported:crypto/store/store_meth.c:360:No store loader found. For standard store loaders you need at least one of the default or base providers available. Did you forget to load them? Info: Global default library context, Scheme (pkcs11 : 0), Properties (<null>)
pkeyutl: Error initializing context
The text was updated successfully, but these errors were encountered:
(this is copypasta from a stackoverflow subject I opened a few days ago: https://stackoverflow.com/questions/78710686/how-to-sign-a-file-with-tpm2-pkcs11-and-openssl)
I am relatively newbie to these technologies and I am a bit lost about what to do with the error message I currently face.
To put things right, I have an embedded system running Linux 5.10 on which I try to communicate with the TPM2.0 chip (Infineon SLM9670). I have at disposal every tpm2 high-level libraries and it is working quite well (tpm2-tss, tpm2-abrmd, tmp2-tools, tpm2-openssl, tpm2-pkcs11).
The thing is, I now try to use OpenSSL 3.2.2 to sign a file with the rsa key I generated on the slot 1 of my PKCS11 implementation on the TPM2.0.
Here is the slot on which I generated my key:
And the key itself:
Now, I am trying to sign a certificate using OpenSSL and the private key from the PKCS11 implementation on the TPM using the following command:
The tpm2-pkcs11.openssl.conf looks like this:
When I enter the command, it is said that openssl cannot find any private key to use:
The text was updated successfully, but these errors were encountered: