Open tiger-at-cranius opened 1 year ago
It has been tested with pkcs11-tool and should work. My guess would be that it is not finding the config file. You can set the YUBIHSM_PKCS11_DBG environment variable to get debugging even at startup (i.e. before trying to read the config file).
On two different machines (MacOS and on an Ubuntu VM running on WIndows Host), I have been able to set up the YubiHSM SDK and connect to the HSM using the shell, as well as access the HSM through the
openssl
command using the PKCS11 engine, as described in the guide https://developers.yubico.com/YubiHSM2/Usage_Guides/OpenSSL_with_pkcs11_engine.html. However, when I try to runpkcs11-tool --module /path/to/yubihsm_pkcs11.so --login --pin 0001password \ --keypairgen --key-type rsa:2048 --label "my_key" --usage-sign
, or any otherpkcs11-tool
command with the specified module, I get this error:The bad argument in question seems to be the module argument, as the same error appears when just listing objects or even running the test option. That would indicate some incompatibility of the YubiHSM PKCS11 library and the pkcs11-tool.