Using OpenSSL to Sign and Encrypt the File (Linux)

  1. Go to the /localCA directory, create a text file named message.txt, and enter any value in it.

›_ Console

# cd /localCA

# echo "Welcome to Utimaco Team!!!">message.txt

  2. Sign the message.txt file using the sender’s private key.

›_ Console

# openssl cms -engine pkcs11 -sign -in message.txt -signer /localCA/newcerts/sender/SenderSignedCertificate.cert -inkey "pkcs11:token=SSLCert1;object=SenderKey" -keyform engine -out signedmessage.txt

Figure 30: Openssl sign command output and content of signed message file

Here SSLCert1 is the token label and SenderKey is the key on the HSM. Provide the Cryptouser PIN when prompted.

  3. Encrypt the signedmessage.txt file using the receiver’s public key, supplied with the receiver’s certificate.

›_ Console

# openssl cms -engine pkcs11 -encrypt -in signedmessage.txt -out encryptedsignedmessage.txt /localCA/newcerts/receiver/ReceiverSignedCertificate.cert

Figure 31: Openssl encrypt command output

With an ECC key, only sign and verify operations can be performed with OpenSSL 3. Encryption and decryption operations are not supported for ECC keys in this version.
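
The sign-then-encrypt steps above, extended here with the receiver's decrypt and verify steps, as an added example that is not part of the original guide. It assumes software RSA keys and a throwaway CA in place of the HSM-held keys (so the pkcs11 engine options are not used); all file names, subject names and the tamper switch are constructed for illustration.

```shell
#!/bin/sh
# Added example: software RSA keys stand in for the HSM-held keys, so the
# -engine pkcs11 / -keyform engine options are not used. All names are constructed.
# Usage: cms_roundtrip MESSAGE [tamper]; prints the verified message on success.
cms_roundtrip() {
    msg=$1; mode=${2:-}; rc=0
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        # Throwaway CA (constructed stand-in for the CA under /localCA).
        openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.cert \
            -subj "/CN=Example Local CA" -days 1 2>/dev/null || exit 1
        # Sender and receiver key pairs with CA-signed certificates.
        for who in sender receiver; do
            openssl req -newkey rsa:2048 -nodes -keyout "$who.key" \
                -out "$who.csr" -subj "/CN=$who" 2>/dev/null || exit 1
            openssl x509 -req -in "$who.csr" -CA ca.cert -CAkey ca.key \
                -CAcreateserial -out "$who.cert" -days 1 2>/dev/null || exit 1
        done
        printf '%s\n' "$msg" > message.txt
        # Sender: sign with the private key, then encrypt to the receiver's certificate.
        openssl cms -sign -in message.txt -signer sender.cert \
            -inkey sender.key -out signedmessage.txt || exit 1
        openssl cms -encrypt -aes-256-cbc -in signedmessage.txt \
            -out encryptedsignedmessage.txt receiver.cert || exit 1
        # Receiver: decrypt with the private key to recover the signed message.
        openssl cms -decrypt -in encryptedsignedmessage.txt -recip receiver.cert \
            -inkey receiver.key -out decrypted.txt || exit 1
        # Optional tamper step: alter the signed content so verification must fail.
        if [ "$mode" = tamper ]; then
            sed 's/Welcome/Goodbye/' decrypted.txt > t.txt && mv t.txt decrypted.txt
        fi
        # Receiver: verify the signature and the signer's chain to the CA.
        openssl cms -verify -in decrypted.txt -CAfile ca.cert \
            -out recovered.txt 2>/dev/null || exit 1
        # S/MIME canonicalisation can leave CRLF line endings; strip CR for comparison.
        tr -d '\r' < recovered.txt
    ) || rc=$?
    rm -rf "$work"
    return "$rc"
}
```

Encrypting alone does not tell the receiver who sent the message; the verify step against the CA certificate is what binds the decrypted content to the sender's certificate.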