Using OpenSSL to sign and encrypt a file

  1. Go to the /localCA directory and create a text file, message.txt, containing any value.

›_ Console

# cd /localCA
# echo "Welcome to Utimaco Security World">message.txt

  2. Sign the message.txt file using the sender’s private key.

›_ Console

# openssl cms -engine pkcs11 -sign -in message.txt -signer /localCA/newcerts/sender/SenderSignedCertificate.cert -inkey "pkcs11:token=OpensslSlot;object=SenderKey" -keyform engine -out signedmessage.txt

Figure 34: OpenSSL sign command output and content of the signed message file

Here, OpensslSlot is the token label and SenderKey is the key on the HSM. Provide the Cryptouser PIN when prompted.

  3. Encrypt signedmessage.txt using the receiver’s public key, which is supplied with the receiver’s certificate.

›_ Console

# openssl cms -engine pkcs11 -encrypt -in signedmessage.txt -out encryptedsignedmessage.txt /localCA/newcerts/receiver/ReceiverSignedCertificate.cert

Figure 35: OpenSSL encrypt command output
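
The receiving side of the procedure above, shown as an added example that is not part of the original page: the script repeats the sign and encrypt steps, then decrypts and verifies the result. It assumes constructed throwaway software keys and a constructed test CA in place of the HSM-backed SenderKey and /localCA, so the `-engine pkcs11` and `-keyform engine` options are left out; the function name `cms_roundtrip` and all file names other than the three message files are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: receiver-side check of the sign-then-encrypt procedure.
# Assumption: constructed throwaway software keys stand in for the HSM-backed
# SenderKey, so "-engine pkcs11" and "-keyform engine" are left out.

cms_roundtrip() {   # usage: cms_roundtrip "text"; prints the verified text
    local msg="$1" dir rc who
    dir="$(mktemp -d)" || return 1
    (
        cd "$dir" || exit 1
        # Minimal config so the constructed test CA carries CA:TRUE.
        printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3_ca' \
            '[dn]' 'commonName = Common Name' \
            '[v3_ca]' 'basicConstraints = critical,CA:TRUE' > test.cnf
        openssl req -x509 -config test.cnf -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Constructed Test CA" -keyout ca.key -out ca.cert \
            2>/dev/null || exit 1
        for who in sender receiver; do
            openssl req -new -config test.cnf -newkey rsa:2048 -nodes \
                -subj "/CN=$who" -keyout "$who.key" -out "$who.csr" \
                2>/dev/null || exit 1
            openssl x509 -req -in "$who.csr" -CA ca.cert -CAkey ca.key \
                -CAcreateserial -days 1 -out "$who.cert" 2>/dev/null || exit 1
        done
        printf '%s\n' "$msg" > message.txt
        # Sender: sign, then encrypt the signed message to the receiver's certificate.
        openssl cms -sign -in message.txt -signer sender.cert -inkey sender.key \
            -out signedmessage.txt || exit 1
        openssl cms -encrypt -in signedmessage.txt \
            -out encryptedsignedmessage.txt receiver.cert || exit 1
        # Receiver: decrypt with its private key, then verify against the CA.
        openssl cms -decrypt -in encryptedsignedmessage.txt -recip receiver.cert \
            -inkey receiver.key -out decrypted.txt || exit 1
        openssl cms -verify -in decrypted.txt -CAfile ca.cert \
            -out recovered.txt 2>/dev/null || exit 1
        tr -d '\r' < recovered.txt   # S/MIME canonicalisation may leave CRs
    )
    rc=$?
    rm -rf "$dir"
    return "$rc"
}
```

OpenSSL 1.1.1 encrypts with triple DES when `cms -encrypt` is given no cipher option, while OpenSSL 3.x defaults to AES-256-CBC; passing `-aes256` makes the choice explicit.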