Hi,
I am trying to test PKCS#11 with OP-TEE on our i.MX8MP but am encountering some problems.
I have loaded my private key to the OP-TEE slot with:
/p11tool --login --write "pkcs11:model=OP-TEE%20TA;manufacturer=Linaro;serial=0000000000000001;token=%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A" --load-privkey ./server-private-key.pem --label "mykey"
I see it in the p11tool list-all command:
Object 2:
URL: pkcs11:model=OP-TEE%20TA;manufacturer=Linaro;serial=0000000000000001;token=%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A;id=%09%74%2D%A9%0E%81%BC%52%DE%4F%3D%35%92%82%B5%46%51%18%29%34;object=mykey;type=private
Type: Private key (EC/ECDSA)
Label: mykey
Flags: CKA_PRIVATE; CKA_SENSITIVE;
ID: 09:74:2d:a9:0e:81:bc:52:de:4f:3d:35:92:82:b5:46:51:18:29:34
When running the command
openssl s_server -accept 127.0.0.1:4433 -engine pkcs11 -keyform engine -key "pkcs11:model=OP-TEE%20TA;manufacturer=Linaro;serial=0000000000000001;token=%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A%2A;id=%09%74%2D%A9%0E%81%BC%52%DE%4F%3D%35%92%82%B5%46%51%18%29%34;object=mykey;type=private" -cert ./server-certificate.pem
I get:
Engine "pkcs11" set.
Using default temp DH parameters
error setting private key
20F00E94FFFF0000:error:05800075:x509 certificate routines:X509_check_private_key:unknown key type:../openssl-3.0.7/crypto/x509/x509_cmp.c:411:
When running the command with the private key as a PEM file rather than via the pkcs11 engine, the command works.
Can anyone point out my error?
Thanks
Hello,
Could you share the BSP version that you're working with?
Regards/Saludos,
Aldo.
Hello Aldo,
The BSP version is kirkstone-5.15.71
Thanks
Ran
Hello,
Sorry for the delayed response, I hope this is still useful to you.
Please refer to the following AN:
https://www.nxp.com/webapp/Download?colCode=AN12812
Best regards/Saludos,
Aldo.