Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

How to use CAPI engine in OpenSSL 1.0.0a

1,253 views
Skip to first unread message

Michal Trojnara

unread,
Sep 8, 2010, 10:19:49 AM9/8/10
to

Guys,

I spent a day trying to load CAPI engine in OpenSSL 1.0.0a.

The error I received was:

C:\test>openssl engine -t dynamic -pre "SO_PATH:capieay32" -pre ID:capi
-pre LOAD
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
(dynamic) Dynamic engine loading support
[Success]: SO_PATH:capieay32
[Success]: ID:capi
[Failure]: LOAD
5220:error:260B606D:engine routines:DYNAMIC_LOAD:init
failed:eng_dyn.c:521:
[ unavailable ]

The same error is printed when a full path is specified.
For an incorrect file name it returned a different error:

C:\test>openssl engine -t dynamic -pre "SO_PATH:nonexisting" -pre ID:capi
-pre LOAD
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
(dynamic) Dynamic engine loading support
[Success]: SO_PATH:nonexisting
[Success]: ID:capi
[Failure]: LOAD
4672:error:25078067:DSO support routines:WIN32_LOAD:could not load the
shared library:dso_win32.c:18
0:filename(nonexisting.dll)
4672:error:25070067:DSO support routines:DSO_load:could not load the
shared library:dso_lib.c:244:
4672:error:260B6084:engine routines:DYNAMIC_LOAD:dso not
found:eng_dyn.c:450:
[ unavailable ]

Was anyone able to use CAPI in OpenSSL 1.0.0a? I tried to find any
example in the Internet, but without any luck.

Best regards,
Mike
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org

Patrick Patterson

unread,
Sep 8, 2010, 1:19:56 PM9/8/10
to
Hi Mickal:

The following is an extract from one of our How-To docs that we're about to release:

Install the Win32 OpenSSL standard Binary Package:

Create the following in C:\openssl-win32\bin\openssl.cnf

#
# OpenSSL example configuration file for definition of CAPI engine.
#
openssl_conf = openssl_init

[openssl_init]
oid_section = new_oids
engines = engine_section

[engine_section]
capi = capi_config

[capi_config]
engine_id = capi
dynamic_path = c:\\openssl-win32\\bin\\capi.dll
init=1

This sets up OpenSSL to be able to use the CAPI engine.

Confirm this is working by typing the following:

openssl engine -t -post list_csps

And you should see a list as follows:

Available CSPs:
0. Gemalto Classic Card CSP, type 1
1. Infineon SICRYPT Base Smart Card CSP, type 1
2. Microsoft Base Cryptographic Provider v1.0, type 1
3. Microsoft Base DSS and Diffie-Hellman Cryptographic Provider, type 13
4. Microsoft Base DSS Cryptographic Provider, type 3
5. Microsoft Base Smart Card Crypto Provider, type 1
6. Microsoft DH SChannel Cryptographic Provider, type 18
7. Microsoft Enhanced Cryptographic Provider v1.0, type 1
8. Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider, type 13
9. Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype), type 24
10. Microsoft Exchange Cryptographic Provider v1.0, type 5
11. Microsoft RSA SChannel Cryptographic Provider, type 12
12. Microsoft Strong Cryptographic Provider, type 1
13. Schlumberger Cryptographic Service Provider, type 1
[Success]: list_csps

From here, some interesting things to be able to do:

openssl engine -t -post list_options:35 -post list_certs

This will list all of the certs as well as information about their private keys (whether that certificate has a private key in the store associated with it).

Have fun!

Patrick.

---
Patrick Patterson
President and Chief PKI Architect
Carillon Information Security Inc.
http://www.carillon.ca

tel: +1 514 485 0789
mobile: +1 514 994 8699
fax: +1 450 424 9559

Message has been deleted

edagr...@gmail.com

unread,
Jan 16, 2020, 2:51:42 PM1/16/20
to
This is what worked for me on OpenSSL 1.1.1c on Windows 10. I installed OpenSSL without any openssl.cnf file.

C:\>openssl engine -t -post "list_csps" capi
(capi) CryptoAPI ENGINE
[RSA, DSA]
[ available ]
Available CSPs:
0. Microsoft Base Cryptographic Provider v1.0, type 1
1. Microsoft Base DSS and Diffie-Hellman Cryptographic Provider, type 13
2. Microsoft Base DSS Cryptographic Provider, type 3
3. Microsoft Base Smart Card Crypto Provider, type 1
4. Microsoft DH SChannel Cryptographic Provider, type 18
5. Microsoft Enhanced Cryptographic Provider v1.0, type 1
6. Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider, type 13
7. Microsoft Enhanced RSA and AES Cryptographic Provider, type 24
8. Microsoft RSA SChannel Cryptographic Provider, type 12
9. Microsoft Strong Cryptographic Provider, type 1
[Success]: list_csps

You can list the engine capabilities like this:
C:\>openssl engine -vv capi
(capi) CryptoAPI ENGINE
list_certs: List all certificates in store
lookup_cert: Lookup and output certificates
debug_level: debug level (1=errors, 2=trace)
debug_file: debugging filename)
key_type: Key type: 1=AT_KEYEXCHANGE (default), 2=AT_SIGNATURE
list_csps: List all CSPs
csp_idx: Set CSP by index
csp_name: Set CSP name, (default CSP used if not specified)
csp_type: Set CSP type, (default RSA_PROV_FULL)
list_containers: list container names
list_options: Set list options (1=summary,2=friendly name, 4=full printout, 8=PEM output, 16=XXX, 32=private key info)
lookup_method: Set key lookup method (1=substring, 2=friendlyname, 3=container name)
store_name: certificate store name, default "MY"
store_flags: Certificate store flags: 1 = system store

-Ed Greaves

iqbalce...@gmail.com

unread,
Feb 12, 2020, 9:16:39 AM2/12/20
to
best apk game for all of you
https://supermashflash2online.com/

Thomas Shelby

unread,
Mar 26, 2023, 7:04:24 AM3/26/23
to
Hiring a professional bathroom fitter can ensure that your bathroom renovation is completed to a high standard and with minimum stress or hassle. https://www.lgcdecorators.co.uk/our-services/bathroom-fitting-bathroom-renovation/

Robert Rodriguez

unread,
Mar 27, 2023, 4:07:02 PM3/27/23
to
It is challenging and expensive to find qualified employees, especially in specialist areas such as installing solar technology, electrical engineering or plumbing.
https://bauarbeitertalente.at/
Message has been deleted

sunny bhatti

unread,
Apr 9, 2023, 4:28:40 AM4/9/23
to
I use MSVC to build several OpenSSL variations. In order to make this process simpler, I wrote a batch script. In order to utilize it, you simply need Microsoft Visual Studio, Cygwin, and the source code. I utilize these builds to later compile other libraries.
<url>https://www.laptops100.com/</url>

Robert Rodriguez

unread,
Apr 12, 2023, 6:54:13 AM4/12/23
to
Additionally, we have a team of experienced professionals who are available to help with any questions or issues that may arise. With our expertise and commitment to excellence
https://web750.com/
0 new messages