Yubico Forum https://forum.yubico.com/
YubiKey 4C on macOS with openssl https://forum.yubico.com/viewtopic.php?f=35&t=2731
Author: capodaster [ Fri Sep 29, 2017 7:28 pm ]
Post subject: YubiKey 4C on macOS with openssl
Hello,

I recently got my YubiKey 4C and want to use it on macOS Sierra 10.12.6. What I am trying to achieve is setting up openssl to use pkcs11 as an engine. I used brew to install openssl so as not to mess up my system openssl installation. Running

Code:
>./openssl version

from the installation /bin directory returns a newer version.

OpenSSL 1.0.2l 25 May 2017

I followed the instructions at https://dennis.silvrback.com/openssl-ca-with-yubikey-neo to configure the pkcs11 engine for openssl. To my /etc/ssl/openssl.cnf file I added:

Code:
openssl_conf = openssl_def
...
[openssl_def]
engines = engine_section

[engine_section]
pkcs11 = pkcs11_section

[pkcs11_section]
engine_id = pkcs11
dynamic_path = /usr/local/Cellar/engine_pkcs11/0.1.8/lib/engines/engine_pkcs11.so
MODULE_PATH = /usr/local/Cellar/opensc/0.17.0/lib/opensc-pkcs11.so
init = 0

Now when I start the openssl shell I get:

Code:
OpenSSL>engine pkcs11 -t
140736418550792:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:187:filename(/usr/local/Cellar/openssl/1.0.2l/lib/engines/libpkcs11.dylib): dlopen(/usr/local/Cellar/openssl/1.0.2l/lib/engines/libpkcs11.dylib, 2): image not found
140736418550792:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:233:
140736418550792:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:467:
140736418550792:error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:390:id=pkcs11

Entering the dynamic engine command yields:

Code:
OpenSSL> engine dynamic -pre SO_PATH:/usr/local/Cellar/engine_pkcs11/0.1.8/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/local/Cellar/opensc/0.17.0/lib/opensc-pkcs11.so
(dynamic) Dynamic engine loading support
[Success]: SO_PATH:/usr/local/Cellar/engine_pkcs11/0.1.8/lib/engines/engine_pkcs11.so
[Success]: ID:pkcs11
[Success]: LIST_ADD:1
[Success]: LOAD
[Success]: MODULE_PATH:/usr/local/Cellar/opensc/0.17.0/lib/opensc-pkcs11.so
Loaded: (pkcs11) pkcs11 engine

The paths should also be valid:

Code:
$ ls /usr/local/Cellar/engine_pkcs11/0.1.8/lib/engines/engine_pkcs11.so
/usr/local/Cellar/engine_pkcs11/0.1.8/lib/engines/engine_pkcs11.so
$ ls /usr/local/Cellar/opensc/0.17.0/lib/opensc-pkcs11.so
/usr/local/Cellar/opensc/0.17.0/lib/opensc-pkcs11.so

Can you please point out what I did wrong? My overall goal is setting up my own root CA like https://jamielinux.com/docs/openssl-certificate-authority/create-the-root-pair.html describes. The only difference should be that the private key should be stored and generated on the YubiKey 4C.

Thank you very much for your help and effort.
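Added example, not part of the original post: a small shell diagnostic that compares the library path in the quoted DLFCN_LOAD error with the dynamic_path set in the quoted engine section. A mismatch shows that the failing load did not use that setting, for instance because this openssl binary read a different openssl.cnf. The function names are hypothetical, and the sample input is the relevant part of the config plus the first error line from the post.

```shell
#!/bin/sh
# Added diagnostic sketch; function names are hypothetical, not part of OpenSSL.

# Print the value of KEY in section [SECTION] of an OpenSSL config file.
cnf_get() {  # usage: cnf_get FILE SECTION KEY
    awk -v want="$2" -v key="$3" '
        /^[ \t]*\[/ {
            s = $0; sub(/^[ \t]*\[[ \t]*/, "", s); sub(/[ \t]*\].*$/, "", s)
            insec = (s == want); next
        }
        insec {
            line = $0; sub(/#.*/, "", line)
            n = index(line, "="); if (n == 0) next
            k = substr(line, 1, n - 1); v = substr(line, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# Read an OpenSSL error queue on stdin; print the library path dlopen() was given.
attempted_engine_path() {
    sed -n 's/.*DLFCN_LOAD:.*filename(\([^)]*\)).*/\1/p' | head -n 1
}

# Compare that path with the dynamic_path the config assigns to the pkcs11 engine.
diagnose() {  # usage: diagnose CNF_FILE < openssl_error_output
    tried=$(attempted_engine_path)
    sec=$(cnf_get "$1" engine_section pkcs11)
    want=$(cnf_get "$1" "$sec" dynamic_path)
    if [ -z "$want" ]; then echo "no-dynamic-path-in-config"
    elif [ -z "$tried" ]; then echo "no-dlopen-error"
    elif [ "$tried" = "$want" ]; then echo "dynamic-path-used-but-unloadable"
    else echo "dynamic-path-not-used"
    fi
}

# Sample input: engine sections and first error line as quoted in the post.
CNF=$(mktemp); trap 'rm -f "$CNF"' EXIT
cat > "$CNF" <<'EOF'
[engine_section]
pkcs11 = pkcs11_section
[pkcs11_section]
engine_id = pkcs11
dynamic_path = /usr/local/Cellar/engine_pkcs11/0.1.8/lib/engines/engine_pkcs11.so
EOF
ERR='140736418550792:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:187:filename(/usr/local/Cellar/openssl/1.0.2l/lib/engines/libpkcs11.dylib): dlopen(/usr/local/Cellar/openssl/1.0.2l/lib/engines/libpkcs11.dylib, 2): image not found'
printf '%s\n' "$ERR" | diagnose "$CNF"
```

Running `openssl version -d` with the same binary prints the OPENSSLDIR in which that build looks for its default openssl.cnf.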
All times are UTC + 1 hour