Get logs of OpenSC PKCS11 engine for OpenSSL

Question

I'm using OpenSC's PKCS11 engine for OpenSSL. I want to obtain the logs from OpenSC, also I want to force a login. According to https://github.com/OpenSC/libp11/blob/master/README.md I can do so with the VERBOSE and FORCE_LOGIN parameters, but where do I put them?

I tried to put them into the corresponding OpenSSL config section:

[pkcs11_section]
engine_id = pkcs11
dynamic_path = C:/App/pkcs11.dll
MODULE_PATH = C:/App/MyCryptokiImpl.dll
PIN = ENV
FORCE_LOGIN = 1
VERBOSE = 1
default_algorithms = ALL
init = 0

But that doesn't do anything. How to properly forward those flags to OpenSC?

score 1 · Accepted Answer · answered Nov 12 '21 at 20:56

FORCE_LOGIN and VERBOSE commands do not take any parameters.

The proper way to forward them to the engine through the config file is to use EMPTY instead of 1:

[pkcs11_section]
engine_id = pkcs11
dynamic_path = C:/App/pkcs11.dll
MODULE_PATH = C:/App/MyCryptokiImpl.dll
PIN = ENV
FORCE_LOGIN = EMPTY
VERBOSE = EMPTY
default_algorithms = ALL
init = 0

Get logs of OpenSC PKCS11 engine for OpenSSL

1 Answers1