Using OpenSSL to sign and encrypt a file:

  1. Create a text file message.txt in the C:\localCA directory and enter any value in it

›_ Console

Welcome to Utimaco Security World
  2. Sign the message.txt file using the sender’s private key

›_ Console

C:\OpenSSL-Win64\bin>openssl cms -engine pkcs11 -sign -in C:\localCA\message.txt -signer C:\localCA\newcerts\sender\SenderSignedCertificate.cer -inkey "pkcs11:token=OPENSSLWINSLOT;object=SenderKey" -keyform engine -out C:\localCA\signedmessage.txt



Figure 53: OpenSSL sign command output

Here, OPENSSLWINSLOT is the token label and SenderKey is the key on the HSM. Provide the Cryptouser PIN when prompted.

  3. Encrypt signedmessage.txt using the receiver’s public key, which is supplied in the receiver’s certificate

›_ Console

C:\OpenSSL-Win64\bin>openssl cms -engine pkcs11 -encrypt -in C:\localCA\signedmessage.txt -out C:\localCA\encryptedsignedmessage.txt C:\localCA\newcerts\receiver\ReceiverSignedCertificate.cer

Figure 54: OpenSSL encrypt command output
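
A receiver-side check of the steps above, as an added PowerShell example that is not part of the original page: it decrypts encryptedsignedmessage.txt with the receiver's private key on the HSM and then verifies the sender's signature, going one step beyond what the page shows. The key label ReceiverKey, the CA certificate path and the two output file names are assumptions; replace them with your own values.

```powershell
# Added example (not from the original page): receiver-side round trip.
# Assumptions: the receiver's key object on the HSM is labelled ReceiverKey,
# and $caCert points at the PEM certificate of the CA that issued the
# sender's certificate (placeholder path below).
$openssl   = 'C:\OpenSSL-Win64\bin\openssl.exe'
$dir       = 'C:\localCA'
$recipCert = "$dir\newcerts\receiver\ReceiverSignedCertificate.cer"
$recipKey  = 'pkcs11:token=OPENSSLWINSLOT;object=ReceiverKey'  # hypothetical label
$caCert    = "$dir\<CA-certificate-file>"                      # placeholder

$encrypted = "$dir\encryptedsignedmessage.txt"
$decrypted = "$dir\decryptedsignedmessage.txt"   # assumed output name
$recovered = "$dir\recoveredmessage.txt"         # assumed output name

function Invoke-OpenSsl {
    param([string[]]$Arguments)
    # Run openssl and stop on a non-zero exit code instead of continuing
    # with a missing or partial output file.
    & $openssl @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "openssl $($Arguments[0]) failed with exit code $LASTEXITCODE"
    }
}

# 1. Decrypt with the receiver's private key held on the HSM.
#    The Cryptouser PIN is requested here, as in the signing step.
Invoke-OpenSsl @(
    'cms', '-engine', 'pkcs11', '-decrypt',
    '-in', $encrypted,
    '-recip', $recipCert,
    '-inkey', $recipKey, '-keyform', 'engine',
    '-out', $decrypted
)

# 2. Verify the sender's signature and the signer certificate chain.
#    No HSM access is needed: verification uses only public material.
#    openssl exits non-zero if the signature or the chain does not validate.
Invoke-OpenSsl @(
    'cms', '-verify',
    '-in', $decrypted,
    '-CAfile', $caCert,
    '-out', $recovered
)

# 3. Show the recovered plaintext for comparison with message.txt.
Get-Content $recovered
```

A failure in step 1 means the message was not encrypted to this receiver's certificate; a failure in step 2 means the content changed after signing or the signer certificate does not chain to the given CA.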