I'm trying to sign EXE files with osslsigncode, my cert and key are on a Safenet Hardware token which the system is able to read :
:~# pkcs11-tool --module /usr/lib/pkcs11/libeToken.so --login --list-objects --id 01 Using slot 0 with a present token (0x0)
**Certificate Object; type = X.509 cert label: Sectigo_2xxxxxxxxxxxx subject: DN: serialNumber=xxxxxxxxx/jurisdictionC=FR/businessCategory=Private Organization, C=FR, ST=xxxxxxxxxxx, O=xxxxx, CN=xxxxxx serial: xxxxxxxxxxxxxxx ID: xxxxxxxxxxxxxxx
When I try to sign with osslsigncode with the cert I extracted from the token and pointing on the token for the key I get a :
Failed to set 'dynamic' engine 4069A3092C7F0000:error:1300006D:engine routines:dynamic_load:init failed:../crypto/engine/eng_dyn.c:514: Failed
Here is the command line :
osslsigncode sign -pkcs11engine /home/xxxxx/libp11-0.4.12/src/.libs/libpkcs11.so -pkcs11module /usr/lib/pkcs11/libeToken.so -certs /home/xxxxxxx/xxxxxx.pem -h sha256 -n test -t http://timestamp.sectigo.com?td=sha256 -key 'pkcs11:model=ID%20Prime%20MD;manufacturer=Gemalto;serial=xxxxxxxxxxx;token=xxxxxx;object=key;type=private' -verbose -in /home/xxxxx/xxxxxxxx.exe -out /home/xxxxx/xxxxxxxxxx.exe
Did anyone had this kind of issues ?
I'm stuck here :(
Please ask if you need more information.
Thanks
Tried with opensc pkcs11 module (token not recognized). Tried various pkcs11 libraries with the same result.
Found the issue was related to a bug in osslsigncode v2.5 the fix is to upgrade to 2.6 or downgrade to 2.4