-
Notifications
You must be signed in to change notification settings - Fork 21
/
Copy pathOpenSSL_Engines.txt
123 lines (73 loc) · 4.5 KB
/
OpenSSL_Engines.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
OpenSSL Engines
-----------------
> Install pre-requisites
hashi@rengoku:~$ sudo apt install libssl-dev pkgconf
> Download tarball for libp11
hashi@rengoku:~/Dojo$ wget https://github.com/OpenSC/libp11/releases/download/libp11-0.4.12/libp11-0.4.12.tar.gz
> Extract tarball
hashi@rengoku:~/Dojo$ tar xf libp11-0.4.12.tar.gz
hashi@rengoku:~/Dojo$ cd libp11-0.4.12/
> Configure makefile
hashi@rengoku:~/Dojo/libp11-0.4.12$ ./configure
> Start building libp11 binary
hashi@rengoku:~/Dojo/libp11-0.4.12$ make
> Install libp11 binary
hashi@rengoku:~/Dojo/libp11-0.4.12$ sudo make install
> Check if libp11 engine is accessible
hashi@rengoku:~/Dojo$ openssl engine pkcs11 -v
(pkcs11) pkcs11 engine
SO_PATH, MODULE_PATH, PIN, VERBOSE, QUIET, INIT_ARGS, FORCE_LOGIN,
RE_ENUMERATE
> Additional tools
sudo apt install opensc gnutls-bin
hashi@rengoku:~/Dojo$ p11tool --list-all --provider /usr/local/dpod/libs/64/libCryptoki2.so --login
Token 'SamPaul_FIPS' with URL 'pkcs11:model=Cryptovisor7;manufacturer=SafeNet;serial=1285217930537;token=SamPaul_FIPS' requires user PIN
Enter PIN:
Object 0:
URL: pkcs11:model=Cryptovisor7;manufacturer=SafeNet;serial=1285217930537;token=SamPaul_FIPS;object=rsa-pri;type=private
Type: Private key (RSA-2048)
Label: rsa-pri
Flags: CKA_PRIVATE; CKA_NEVER_EXTRACTABLE; CKA_SENSITIVE;
ID:
Object 1:
URL: pkcs11:model=Cryptovisor7;manufacturer=SafeNet;serial=1285217930537;token=SamPaul_FIPS;object=rsa-pub;type=public
Type: Public key (RSA-2048)
Label: rsa-pub
Flags: CKA_PRIVATE;
ID:
OPENSSL_CONF=engine.conf openssl dgst -engine pkcs11 -keyform engine -sign "pkcs11:model=Cryptovisor7;manufacturer=SafeNet;serial=1285217930537;token=SamPaul_FIPS;object=rsa-pri;type=private" -sha256 -out jack_and_jill.txt.sig jack_and_jill.txt
OPENSSL_CONF=engine.conf openssl dgst -engine pkcs11 -keyform engine -verify "pkcs11:model=Cryptovisor7;manufacturer=SafeNet;serial=1285217930537;token=SamPaul_FIPS;object=rsa-pub;type=private" -sha256 -signature jack_and_jill.txt.sig jack_and_jill.txt
hashi@rengoku:~/Dojo$ openssl engine gem
(gem) Gem engine support
hashi@rengoku:~/Dojo$ cmu list
Certificate Management Utility (64-bit) v10.5.0-470. Copyright (c) 2022 SafeNet. All rights reserved.
Please enter password for token in slot 0 : *********
ouid=c16b000023000001e3990800 label=rsa-pri
ouid=c06b000023000001e3990800 label=rsa-pub
hashi@rengoku:~/Dojo$ openssl genrsa -engine gem -out rsa.pri
HSM Label is "SamPaul_FIPS".
Enter Crypto-Officer Password: ***************************************************************************************************************************************************************************************************************************************************************
engine "gem" set.
Generating RSA private key, 2048 bit long modulus (2 primes)
e is 65537 (0x010001)
hashi@rengoku:~/Dojo$ cmu list -password userpinco
Certificate Management Utility (64-bit) v10.5.0-470. Copyright (c) 2022 SafeNet. All rights reserved.
ouid=196c000023000001e3990800 label=rsa-private-de143e5ad24f8885e66445176b055f507c59c963
ouid=186c000023000001e3990800 label=rsa-public-de143e5ad24f8885e66445176b055f507c59c963
ouid=c16b000023000001e3990800 label=rsa-pri
ouid=c06b000023000001e3990800 label=rsa-pub
hashi@rengoku:~/Dojo$ xxd -p jack_and_jill.txt.sig
0a154b9f9666041983d86bf8597a13d116286a2296c93de881ff6474cb5d
8c4e4deb7caa9acb75f20fae0719da24d2aa308ba701b6f62d0202f2951a
84895e9f1add0ea4959535031348a507694b11e34756417f3a32fac2dd2a
d5248a977c7adc2bb356d69aa33d3e9111304988eeda74364dd787fcad42
d745a0e443d620693221370db505f2804b4dc5b9dc863cb2fbfdb17aa464
611441ca8ca053d8ea8b7e0d14b8353c75d47981cf77ebd45f19f90cb3f4
78c92d829a748a294a7ca23d765f574fdc780376e12a4f5c53fb70fde054
3961f042c4762094b529089655acd6cdff71db720f08c613ab774dcca236
eb4b1f661347a510bf29145b6f78851d
hashi@rengoku:~/Dojo$ openssl dgst -engine gem -keyform engine -verify rsa-public-de143e5ad24f8885e66445176b055f507c59c963 -signature jack_and_jill.txt.sig jack_and_jill.txt
HSM Label is "SamPaul_FIPS".
Enter Crypto-Officer Password: ***************************************************************************************************************************************************************************************************************************************************************
engine "gem" set.
Verified OK