Hello,

Apologies if this has been asked already, I did a quick search online but couldn't find any references to "100 characters" or other PKCS#11 URI length limits, though I might have missed a doc somewhere.

Our PKCS#11 library (https://github.com/GoogleCloudPlatform/kms-integrations) uses relatively long key IDs, and I just ran into a surprising failure while trying to generate a self-signed certificate:

```
$ openssl req -new -x509 -days 3650 -subj '/CN=test/' -sha256 -engine pkcs11 -keyform engine -key pkcs11:id=some_id_longer_than_100_characters > my-test.crt
Engine "pkcs11" set.
The private key ID is not a valid PKCS#11 URI
The PKCS#11 URI format is defined by RFC7512
The private key ID is not a valid PKCS#11 URI
The PKCS#11 URI format is defined by RFC7512
The private key was not found at: pkcs11:id=some_id_longer_than_100_characters
PKCS11_get_private_key returned NULL
Could not read private key from org.openssl.engine:pkcs11:pkcs11:id=some_id_longer_than_100_characters
40D7D791067F0000:error:40000064:pkcs11 engine:ERR_ENG_error:invalid id:eng_back.c:400:
40D7D791067F0000:error:13000080:engine routines:ENGINE_load_private_key:failed loading private key:../crypto/engine/eng_pkey.c:79:
Aborted
```

"some_id_longer_than_100_characters" has been redacted, but the same behavior can also be reproduced with something simple such as 100 "a"s.

My questions:

- is this intended?
- is the limit documented anywhere?

I opened an issue in the OpenSSL repo as well, but they rightfully pointed me here. Thank you!