Using OpenSSL to Sign and Encrypt the File (Windows)

  1. Create a text file message.txt in the C:\localCA directory and enter any value in it.

›_ message.txt

Welcome to Utimaco !!!

  2. Sign the message.txt file using the sender’s private key

›_ Console

C:\OpenSSL-Win64\bin>openssl cms -engine pkcs11 -sign -in C:\localCA\message.txt -signer C:\localCA\newcerts\sender\SenderSignedCertificate.cer -inkey "pkcs11:token=SSLCert;object=SenderKey" -keyform engine -out C:\localCA\signedmessage.txt

Figure 50: OpenSSL sign command output

Here, SSLCert is the token label and SenderKey is the label of the key on the HSM. Provide the Cryptouser PIN when prompted.

  3. Encrypt the signedmessage.txt using the receiver’s public key, supplied with the receiver’s certificate

›_ Console

C:\OpenSSL-Win64\bin>openssl cms -engine pkcs11 -encrypt -in C:\localCA\signedmessage.txt -out C:\localCA\encryptedsignedmessage.txt C:\localCA\newcerts\receiver\receiverNew.cer

Figure 51: OpenSSL encrypt command output

With an ECC key, only sign and verify operations can be performed with OpenSSL 3. Encryption and decryption operations are not supported in this version for ECC keys.
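
The sign and encrypt steps above can be run as one PowerShell script that stops on the first failing command and checks the signature before encrypting. This is an added example, not part of the original guide; it reuses the paths and labels from the steps above, and the scratch file name cms-selfcheck.txt is an assumption. Per the note above, the encrypt step assumes the receiver's key is not an ECC key.

```powershell
# Added example, not part of the original guide. Paths, token label and key
# label are the ones used in the steps above; $checkOut is a hypothetical
# scratch file that receives the verified content.
$dir       = 'C:\localCA'
$message   = Join-Path $dir 'message.txt'
$signed    = Join-Path $dir 'signedmessage.txt'
$encrypted = Join-Path $dir 'encryptedsignedmessage.txt'
$signer    = Join-Path $dir 'newcerts\sender\SenderSignedCertificate.cer'
$receiver  = Join-Path $dir 'newcerts\receiver\receiverNew.cer'
$keyUri    = 'pkcs11:token=SSLCert;object=SenderKey'
$checkOut  = Join-Path $env:TEMP 'cms-selfcheck.txt'

function Invoke-OpenSsl {
    param([string]$Step, [string[]]$Arguments)
    & openssl @Arguments
    if ($LASTEXITCODE -ne 0) { throw "$Step failed (openssl exit code $LASTEXITCODE)" }
}

function Get-NormalizedText {
    param([string]$Path)
    # S/MIME canonicalises line endings to CRLF, so compare LF-normalised, trimmed text.
    ((Get-Content -Raw -Path $Path) -replace "`r`n", "`n").Trim()
}

# Step 2: sign with the HSM-held key (the engine prompts for the Cryptouser PIN).
Invoke-OpenSsl 'sign' @('cms', '-engine', 'pkcs11', '-sign', '-in', $message,
    '-signer', $signer, '-inkey', $keyUri, '-keyform', 'engine', '-out', $signed)

# Self-check: the signature must verify against the signer certificate embedded
# in the message. -noverify skips chain validation, so this does not establish
# trust in the certificate; the receiver still has to validate it against the CA.
Invoke-OpenSsl 'signature self-check' @('cms', '-verify', '-noverify',
    '-in', $signed, '-out', $checkOut)
$plain = Get-NormalizedText $message
if ((Get-NormalizedText $checkOut) -ne $plain) { throw 'Signed content differs from message.txt' }
Remove-Item -Path $checkOut

# Step 3: encrypt the signed message to the receiver's certificate.
Invoke-OpenSsl 'encrypt' @('cms', '-engine', 'pkcs11', '-encrypt', '-in', $signed,
    '-out', $encrypted, $receiver)

# signedmessage.txt is clear-signed by default, so it still contains the
# plaintext; the encrypted output must not.
if ($plain -and (Get-Content -Raw -Path $encrypted).Contains($plain)) {
    throw 'Plaintext found in encryptedsignedmessage.txt'
}
Write-Output "Signed and encrypted: $encrypted"
```

Only encryptedsignedmessage.txt protects confidentiality; signedmessage.txt is an intermediate file that carries the message in the clear.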