mtrojnar / osslsigncode

OpenSSL based Authenticode signing for PE/MSI/Java CAB files

The PKCS#11 URI format is not recognized on Windows #317

Closed gushengyuan closed 7 months ago

gushengyuan commented 7 months ago

Hi,

I met an issue signing a file with a SafeNet eToken 5110 on Windows using the latest release osslsigncode-2.7-windows-x64-vs: if I specify the key-id using the -key option, it reports a URL key-id format error. It works fine if I use the same key-id on my Ubuntu.

Here is the error message on Windows.

```
C:\Users\Administrator>osslsigncode sign -verbose -pkcs11engine D:\devtools\pkcs11.dll -pkcs11module C:/Windows/System32/eToken.dll -h sha256 -ts http://sha256timestamp.ws.symantec.com/sha256/ -certs D:/01Workspace/CodeSign/yuelong.cer -key 'pkcs11:model=ID%20Prime%20MD;manufacturer=Gemalto;serial=XXXXXXXXXXXXXXXX' -pass "xxxxxx" -in D:/01Workspace/CodeSign/7z.dll -out D:/01Workspace/CodeSign/2.dll
Unable to load provider: legacy
Warning: Legacy mode disabled
Engine "pkcs11" set.
Format not recognized!
The private key ID is not a valid PKCS#11 URI
The PKCS#11 URI format is defined by RFC7512
The legacy ENGINE_pkcs11 ID format is also still accepted for now
Format not recognized!
The private key ID is not a valid PKCS#11 URI
The PKCS#11 URI format is defined by RFC7512
The legacy ENGINE_pkcs11 ID format is also still accepted for now
The private key was not found at: 'pkcs11:model=ID%20Prime%20MD;manufacturer=Gemalto;serial=XXXXXXXXXXXXXXXX'
PKCS11_get_private_key returned NULL
Failed to load private key 'pkcs11:model=ID%20Prime%20MD;manufacturer=Gemalto;serial=XXXXXXXXXXXXXXXX'
Failed to read key or certificates
CC090000:error:41800064:pkcs11 engine:ERR_ENG_error:invalid id:eng_back.c:422:
CC090000:error:13000080:engine routines:ENGINE_load_private_key:failed loading private key:crypto\engine\eng_pkey.c:79:
Failed

C:\Users\Administrator>
```

The same key-id used on Ubuntu works fine.

```
quark@ubuntu:~$ osslsigncode sign -verbose -pkcs11module /usr/lib/libeToken.so -h sha256 -ts http://sha256timestamp.ws.symantec.com/sha256/ -certs /home/quark/Documents/yuelong.cer -pass 'xxxxxx' -key 'pkcs11:model=ID%20Prime%20MD;manufacturer=Gemalto;serial=XXXXXXXXXXXXXXXX' -in /home/quark/Downloads/7z.dll -out /home/quark/Downloads/2.dll
Engine "pkcs11" set.
Warning: The certificate file contains a single x509 certificate
Connecting to http://sha256timestamp.ws.symantec.com/sha256/
Succeeded

quark@ubuntu:~$
```

All sensitive data above is masked with 'x'.

Environment description:

1. Windows: Windows 10. D:\devtools\pkcs11.dll is built from the libp11 master branch with OpenSSL 3 using VS2019. v0.4.12 does not work on Windows. It works fine if I remove the -key option, because there is only one SafeNet eToken on my Windows.

2. Ubuntu: Ubuntu 22.04. It works fine if I remove the -key option when there is only one SafeNet eToken on my Ubuntu.

gushengyuan commented 7 months ago

It's a urlencode issue~ `-key "pkcs11:model=ID Prime MD;manufacturer=Gemalto;serial=XXXXXXXXXXXXXXXX"`: this format without urlencode works fine.

imaGuru commented 7 months ago

It could also be an issue with the single apostrophes that you have in your initial command. It could be that Windows handles quotes differently. My guess is that `'pkcs11:model=ID%20Prime%20MD;manufacturer=Gemalto;serial=XXXXXXXXXXXXXXXX'` is loaded into osslsigncode together with the single quotes (but it shouldn't be), so it is as if you ran the program with:

`-key "'pkcs11:model=ID%20Prime%20MD;manufacturer=Gemalto;serial=XXXXXXXXXXXXXXXX'"`

which indeed is not a valid URL format.

I also had a similar issue when executing the program through node.js without a shell to interpret the arguments.

gushengyuan commented 7 months ago

> It could also be an issue with the single apostrophes that you have in your initial command. It could be that Windows handles quotes differently. My guess is that `'pkcs11:model=ID%20Prime%20MD;manufacturer=Gemalto;serial=XXXXXXXXXXXXXXXX'` is loaded into osslsigncode together with the single quotes (but it shouldn't be), so it is as if you ran the program with:
>
> `-key "'pkcs11:model=ID%20Prime%20MD;manufacturer=Gemalto;serial=XXXXXXXXXXXXXXXX'"`
>
> which indeed is not a valid URL format.
>
> I also had a similar issue when executing the program through node.js without a shell to interpret the arguments.

I gave it a try using quotes as you mentioned, but I got the same error.

gushengyuan commented 7 months ago

> It could also be an issue with the single apostrophes that you have in your initial command. It could be that Windows handles quotes differently. My guess is that `'pkcs11:model=ID%20Prime%20MD;manufacturer=Gemalto;serial=XXXXXXXXXXXXXXXX'` is loaded into osslsigncode together with the single quotes (but it shouldn't be), so it is as if you ran the program with:
>
> `-key "'pkcs11:model=ID%20Prime%20MD;manufacturer=Gemalto;serial=XXXXXXXXXXXXXXXX'"`
>
> which indeed is not a valid URL format.
>
> I also had a similar issue when executing the program through node.js without a shell to interpret the arguments.

`-key "pkcs11:model=ID%20Prime%20MD;manufacturer=Gemalto;serial=XXXXXXXXXXXXXXXX"`: this format works. Seems like it must use double quotes on Windows.

gushengyuan commented 7 months ago

Seems like it's not an osslsigncode issue, but it must use double quotes on Windows.
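The quoting hypothesis imaGuru raised above, and gushengyuan's closing observation that double quotes are required on Windows, can be reproduced without a token. The following is an added example, not code from osslsigncode or libp11: it splits the same command line the way a POSIX shell does (`shlex`) and the way Windows argv parsing does (a simplified emulation in which only double quotes group words and single quotes are ordinary characters; the backslash rules of the real CommandLineToArgvW are not modelled), then feeds the resulting `-key` value to a small RFC 7512 PKCS#11 URI parser. The serial number and file names are constructed placeholders, and the "Format not recognized" message is only borrowed from the tool's output to make the correspondence obvious.

```python
"""Why 'pkcs11:...' fails on cmd.exe but works on a POSIX shell.

Added example, not code from osslsigncode or libp11.  The serial number and
file names are constructed placeholders; windows_argv() is a simplified
emulation of Windows argument splitting (double quotes group, everything
else is literal) and does not model CommandLineToArgvW's backslash rules.
"""
import shlex
from urllib.parse import unquote

# Constructed command line as a user would type it on a POSIX shell:
# single quotes protect ';' and the key ID from the shell.
CMD_SINGLE = (
    "osslsigncode sign -pkcs11module eToken.dll -certs signer.cer "
    "-key 'pkcs11:model=ID%20Prime%20MD;manufacturer=Gemalto;serial=0000000000000000' "
    "-in in.dll -out out.dll"
)
# The same command with double quotes, which cmd.exe does understand.
CMD_DOUBLE = CMD_SINGLE.replace("'", '"')


def posix_argv(cmdline):
    """Split like a POSIX shell: both quote styles group words and are removed."""
    return shlex.split(cmdline)


def windows_argv(cmdline):
    """Simplified cmd.exe/CommandLineToArgvW splitting: only '"' groups words;
    a single quote is an ordinary character and stays inside the argument."""
    args, cur, in_dq = [], [], False
    for ch in cmdline:
        if ch == '"':
            in_dq = not in_dq          # the quote character itself is consumed
        elif ch.isspace() and not in_dq:
            if cur:
                args.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        args.append("".join(cur))
    return args


def key_id(argv):
    """Return the value that follows the -key option."""
    return argv[argv.index("-key") + 1]


def parse_pkcs11_uri(uri):
    """Parse a PKCS#11 URI (RFC 7512) into (path_attrs, query_attrs).

    Path attributes are ';'-separated, query attributes '&'-separated, and
    values are percent-encoded.  Raises ValueError when the 'pkcs11:' scheme
    is missing or an attribute has no '=', which is what a leading stray
    quote character produces.
    """
    scheme = "pkcs11:"
    if not uri.startswith(scheme):
        raise ValueError(f"Format not recognized: {uri!r} does not start with {scheme!r}")
    path, _, query = uri[len(scheme):].partition("?")

    def attrs(text, sep):
        out = {}
        for comp in filter(None, text.split(sep)):
            name, eq, value = comp.partition("=")
            if not eq or not name:
                raise ValueError(f"malformed attribute {comp!r}")
            out[name] = unquote(value)   # '%20' -> ' '
        return out

    return attrs(path, ";"), attrs(query, "&")


def check_key(argv):
    """Return (True, path_attrs) when the -key value is a parseable PKCS#11 URI,
    otherwise (False, error message)."""
    try:
        path, _query = parse_pkcs11_uri(key_id(argv))
        return True, path
    except ValueError as exc:
        return False, str(exc)


if __name__ == "__main__":
    cases = [
        ("POSIX shell, single quotes", posix_argv(CMD_SINGLE)),
        ("Windows, single quotes", windows_argv(CMD_SINGLE)),
        ("Windows, double quotes", windows_argv(CMD_DOUBLE)),
    ]
    for label, argv in cases:
        print(f"{label:28} -key={key_id(argv)!r}\n{'':28} -> {check_key(argv)}")
```

Running it shows the Windows split of the single-quoted form handing the program `'pkcs11:...'` including the apostrophes, which no RFC 7512 parser will accept, while the double-quoted form and the POSIX split both yield a clean `pkcs11:` URI whose `model` decodes to `ID Prime MD`. The same check is a cheap sanity test for any wrapper (CI job, Node.js child process, installer script) that builds an osslsigncode command line without a shell in between.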