【问题标题】:How to use OpenSSL command line to operate(signature, for example) after loading OpenSSL engine?加载 OpenSSL 引擎后如何使用 OpenSSL 命令行进行操作(例如签名)?
【发布时间】:2021-06-10 13:57:08
【问题描述】:
【问题讨论】:
标签:
linux
openssl
cryptography
dsa
openssl-engine
【解决方案1】:
该 OpenSSL wiki 页面对于初学者了解 OpenSSL 引擎的工作原理很有用,但它太旧了,页面中的许多 API 已被弃用,尤其是 ECC 功能。
是的,这是可行的。
将您的YOUR_ENGINE_NAME.so 复制到/usr/lib/x86_64-linux-gnu/engines-1.1/,然后编辑/etc/openssl.cnf 以告诉OpenSSL 命令行实用程序开始加载您的引擎:
# Insert near top of file openssl.cnf:
openssl_conf = openssl_init
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
......
......
# Insert at bottom of file openssl.cnf:
[ openssl_init ]
engines = engine_section
[ engine_section ]
YOUR_ENGINE_NAME = YOUR_ENGINE_NAME_section
[ YOUR_ENGINE_NAME_section ]
engine_id = YOUR_ENGINE_NAME
dynamic_path = /usr/lib/x86_64-linux-gnu/engines-1.1/YOUR_ENGINE_NAME.so
default_algorithms = ALL
init = 1
您可以在引擎的 init 函数中添加一些 printf 信息。如果引擎正确加载,它将在 OpenSSL 命令行实用程序启动后显示:
$ openssl
engine bind start
YOUR_ENGINE init success
OpenSSL>