I'm trying to sign EXE files with osslsigncode, my cert and key are on a Safenet Hardware token which the system is able to read :
:~# pkcs11-tool --module /usr/lib/pkcs11/libeToken.so --login --list-objects --id 01 Using slot 0 with a present token (0x0)
**Certificate Object; type = X.509 cert label: Sectigo_2xxxxxxxxxxxx subject: DN: serialNumber=xxxxxxxxx/jurisdictionC=FR/businessCategory=Private Organization, C=FR, ST=xxxxxxxxxxx, O=xxxxx, CN=xxxxxx serial: xxxxxxxxxxxxxxx ID: xxxxxxxxxxxxxxx
When I try to sign with osslsigncode with the cert I extracted from the token and pointing on the token for the key I get a :
Failed to set 'dynamic' engine 4069A3092C7F0000:error:1300006D:engine routines:dynamic_load:init failed:../crypto/engine/eng_dyn.c:514: Failed
Here is the command line :
osslsigncode sign -pkcs11engine /home/xxxxx/libp11-0.4.12/src/.libs/libpkcs11.so -pkcs11module /usr/lib/pkcs11/libeToken.so -certs /home/xxxxxxx/xxxxxx.pem -h sha256 -n test -t http://timestamp.sectigo.com?td=sha256 -key 'pkcs11:model=ID%20Prime%20MD;manufacturer=Gemalto;serial=xxxxxxxxxxx;token=xxxxxx;object=key;type=private' -verbose -in /home/xxxxx/xxxxxxxx.exe -out /home/xxxxx/xxxxxxxxxx.exe
Did anyone had this kind of issues ?
I'm stuck here :(
Please ask if you need more information.
Thanks
Tried with opensc pkcs11 module (token not recognized). Tried various pkcs11 libraries with the same result.
You should use
pkcs11.so, notlibpkcs11.soas an engine: