[continued from previous message]
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testCert2.crt --type=cert --id=0005 --label=
testCert2
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --delete-object --type pubkey --id 0005
+ BASE2URIWITHPINVALUE='pkcs11:id=%00%05?pin-value=12345678'
+ BASE2URIWITHPINSOURCE='pkcs11:id=%00%05?pin-source=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt'
+ BASE2URI=pkcs11:id=%00%05
+ PRI2URI='pkcs11:type=private;id=%00%05'
+ CRT2URI='pkcs11:type=cert;object=testCert2'
+ title LINE 'RSA2 PKCS11 URIS'
+ case "$1" in
+ shift 1
+ echo 'RSA2 PKCS11 URIS'
+ echo 'pkcs11:id=%00%05?pin-value=12345678'
+ echo 'pkcs11:id=%00%05?pin-source=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt'
+ echo pkcs11:id=%00%05
+ echo 'pkcs11:type=private;id=%00%05'
+ echo 'pkcs11:type=cert;object=testCert2'
+ echo ''
+ title PARA 'generate EC key pair, self-signed certificate, remove public key'
+ case "$1" in
+ shift 1
+ echo ''
+ echo '## generate EC key pair, self-signed certificate, remove public key' + '[' -f '' ']'
+ KEYID=0006
+ URIKEYID=%00%06
+ TSTCRTN=ecCert2
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp384r1 --label=ecCert2 --id=0006
+ ca_sign ecCert2 'My EC Cert 2' 0006
+ LABEL=ecCert2
+ CN='My EC Cert 2'
+ KEYID=0006
+ shift 3
+ (( SERIAL+=1 ))
+ sed -e 's|cn = .*|cn = My EC Cert 2|g' -e 's|serial = .*|serial = 9|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg
+ /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ecCert2.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg --
provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecCert2;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecCert2;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-
provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private'
Generating a signed certificate...
Expiration time: Sun Apr 12 10:06:37 2026
CA expiration time: Sun Apr 12 10:06:36 2026
Warning: The time set exceeds the CA's expiration time
X.509 Certificate Information:
Version: 3
Serial Number (hex): 09
Validity:
Not Before: Sat Apr 12 10:06:37 UTC 2025
Not After: Sun Apr 12 10:06:37 UTC 2026
Subject: CN=My EC Cert 2,O=PKCS11 Provider
Subject Public Key Algorithm: EC/ECDSA
Algorithm Security Level: Ultra (384 bits)
Curve: SECP384R1
X:
00:93:13:e7:3c:c5:38:7c:f0:db:2c:d2:b9:9e:57:8e
aa:c4:0f:91:7f:1c:86:6c:86:a2:20:7f:5c:a8:ba:df
f8:2d:c0:73:a8:a0:9d:0b:00:48:d8:99:74:9a:d4:79
20
Y:
00:d2:3c:57:10:4f:f5:e3:17:5e:8c:dd:24:9f:0e:ba
16:af:e0:df:43:63:cc:8e:72:4f:5b:08:ff:b8:e6:7d
3e:95:72:43:fd:4b:f0:15:56:03:1c:ac:b4:87:22:e2
f0
Extensions:
Basic Constraints (critical):
Certificate Authority (CA): FALSE
Subject Alternative Name (not critical):
RFC822Name: testcert@example.org
Key Usage (critical):
Digital signature.
Subject Key Identifier (not critical):
802c84b5c5706a24e3eed2beff136c0d321aca96
Authority Key Identifier (not critical):
2ca0f2260aede7a30019ccc81dbf836bef78a80f
Other Information:
Public Key ID:
sha1:802c84b5c5706a24e3eed2beff136c0d321aca96
sha256:d876d77c8be1d2143488306998fb0165eaec61463dcda90d6d49f28a900921cc
Public Key PIN:
pin-sha256:2HbXfIvh0hQ0iDBpmPsBZersYUY9zakNbUnyipAJIcw=
Signing certificate...
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ecCert2.crt --type=cert --id=0006 --label=ecCert2
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --delete-object --type pubkey --id 0006
+ ECBASE2URIWITHPINVALUE='pkcs11:id=%00%06?pin-value=12345678'
+ ECBASE2URIWITHPINSOURCE='pkcs11:id=%00%06?pin-source=file/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt'
+ ECBASE2URI=pkcs11:id=%00%06
+ ECPRI2URI='pkcs11:type=private;id=%00%06'
+ ECCRT2URI='pkcs11:type=cert;object=ecCert2'
+ title LINE 'EC2 PKCS11 URIS'
+ case "$1" in
+ shift 1
+ echo 'EC2 PKCS11 URIS'
+ echo 'pkcs11:id=%00%06?pin-value=12345678'
+ echo 'pkcs11:id=%00%06?pin-source=file/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt'
+ echo pkcs11:id=%00%06
+ echo 'pkcs11:type=private;id=%00%06'
+ echo 'pkcs11:type=cert;object=ecCert2'
+ echo ''
+ '[' -z '' ']'
+ title PARA 'explicit EC unsupported'
+ case "$1" in
+ shift 1
+ echo ''
+ echo '## explicit EC unsupported'
+ '[' -f '' ']'
+ title PARA 'generate EC key pair with ALWAYS AUTHENTICATE flag, self-signed certificate'
+ case "$1" in
+ shift 1
+ echo ''
+ echo '## generate EC key pair with ALWAYS AUTHENTICATE flag, self-signed certificate'
+ '[' -f '' ']'
+ KEYID=0008
+ URIKEYID=%00%08
+ TSTCRTN=ecCert3
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp521r1 --label=ecCert3 --id=0008 --always-auth
+ ca_sign ecCert3 'My EC Cert 3' 0008
+ LABEL=ecCert3
+ CN='My EC Cert 3'
+ KEYID=0008
+ shift 3
+ (( SERIAL+=1 ))
+ sed -e 's|cn = .*|cn = My EC Cert 3|g' -e 's|serial = .*|serial = 10|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg
+ /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ecCert3.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg --
provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecCert3;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecCert3;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-
provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private'
Generating a signed certificate...
Expiration time: Sun Apr 12 10:06:37 2026
CA expiration time: Sun Apr 12 10:06:36 2026
Warning: The time set exceeds the CA's expiration time
X.509 Certificate Information:
Version: 3
Serial Number (hex): 0a
Validity:
Not Before: Sat Apr 12 10:06:37 UTC 2025
Not After: Sun Apr 12 10:06:37 UTC 2026
Subject: CN=My EC Cert 3,O=PKCS11 Provider
Subject Public Key Algorithm: EC/ECDSA
Algorithm Security Level: Future (528 bits)
Curve: SECP521R1
X:
01:91:90:ac:14:2b:f9:25:4a:6a:0a:36:69:e0:c2:1a
4f:97:2d:55:bc:31:28:a5:84:4d:e9:31:bd:43:37:0b
bc:51:11:56:ae:a3:e6:94:fc:3d:38:2b:c8:79:19:ee
07:b9:26:7e:38:ef:f4:dc:bb:0a:34:0f:20:22:7d:6d
8e:07
Y:
01:42:7d:15:09:29:1a:f9:d7:6b:72:06:4f:e2:99:90
22:1e:fd:47:3d:a4:63:04:27:8c:99:ca:bf:d1:43:1e
e8:ce:45:91:17:bf:50:b5:5a:54:16:ab:dc:62:89:a1
ab:69:c0:d0:5e:61:3d:01:7b:3c:3d:e8:b8:d3:76:50
88:17
Extensions:
Basic Constraints (critical):
Certificate Authority (CA): FALSE
Subject Alternative Name (not critical):
RFC822Name: testcert@example.org
Key Usage (critical):
Digital signature.
Subject Key Identifier (not critical):
6044042ea591f465fec59b7583132f17fea5da6f
Authority Key Identifier (not critical):
2ca0f2260aede7a30019ccc81dbf836bef78a80f
Other Information:
Public Key ID:
sha1:6044042ea591f465fec59b7583132f17fea5da6f
sha256:631157d1bdd24aa6db9d96be35f88be880e626476e1ecbdf4b36614565098f28
Public Key PIN:
pin-sha256:YxFX0b3SSqbbnZa+NfiL6IDmJkduHsvfSzZhRWUJjyg=
Signing certificate...
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ecCert3.crt --type=cert --id=0008 --label=ecCert3
+ ECBASE3URIWITHPINVALUE='pkcs11:id=%00%08?pin-value=12345678'
+ ECBASE3URIWITHPINSOURCE='pkcs11:id=%00%08?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt'
+ ECBASE3URI=pkcs11:id=%00%08
+ ECPUB3URI='pkcs11:type=public;id=%00%08'
+ ECPRI3URI='pkcs11:type=private;id=%00%08'
+ ECCRT3URI='pkcs11:type=cert;object=ecCert3'
+ title LINE 'EC3 PKCS11 URIS'
+ case "$1" in
+ shift 1
+ echo 'EC3 PKCS11 URIS'
+ echo 'pkcs11:id=%00%08?pin-value=12345678'
+ echo 'pkcs11:id=%00%08?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt'
+ echo pkcs11:id=%00%08
+ echo 'pkcs11:type=public;id=%00%08'
+ echo 'pkcs11:type=private;id=%00%08'
+ echo 'pkcs11:type=cert;object=ecCert3'
+ echo ''
+ '[' 1 -eq 1 ']'
+ KEYID=0010
+ URIKEYID=%00%10
+ TSTCRTN=testRsaPssCert
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=testRsaPssCert --id=0010 --allowed-mechanisms RSA-PKCS-PSS,SHA1-RSA-PKCS-PSS,SHA224-RSA-PKCS-PSS,SHA256-
RSA-PKCS-PSS,SHA384-RSA-PKCS-PSS,SHA512-RSA-PKCS-PSS
+ ca_sign testRsaPssCert 'My RsaPss Cert' 0010 --sign-params=RSA-PSS
+ LABEL=testRsaPssCert
+ CN='My RsaPss Cert'
+ KEYID=0010
+ shift 3
+ (( SERIAL+=1 ))
+ sed -e 's|cn = .*|cn = My RsaPss Cert|g' -e 's|serial = .*|serial = 11|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg
+ /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testRsaPssCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg -
-provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testRsaPssCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testRsaPssCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-
path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' --sign-params=RSA-PSS
Generating a signed certificate...
Expiration time: Sun Apr 12 10:06:37 2026
CA expiration time: Sun Apr 12 10:06:36 2026
Warning: The time set exceeds the CA's expiration time
X.509 Certificate Information:
Version: 3
Serial Number (hex): 0b
Validity:
Not Before: Sat Apr 12 10:06:37 UTC 2025
Not After: Sun Apr 12 10:06:37 UTC 2026
Subject: CN=My RsaPss Cert,O=PKCS11 Provider
Subject Public Key Algorithm: RSA
Algorithm Security Level: Medium (2048 bits)
Modulus (bits 2048):
00:91:8f:55:58:03:5e:8f:11:22:08:85:ae:10:32:4a
49:9f:68:31:c0:ab:8e:2d:47:95:fa:76:ab:e7:6d:66
61:fd:46:f9:b6:f0:fc:33:b3:39:04:7c:1a:f3:c7:57
4e:ef:b9:f7:9e:c9:3f:83:5b:14:18:fb:27:86:98:00
36:95:51:65:e5:2e:18:a3:88:c0:8a:63:09:9f:41:7a
3d:85:19:15:36:08:85:57:a0:76:a8:b5:31:95:51:6d
49:a9:5f:f6:57:74:8c:c2:b1:0a:0f:e9:15:82:12:28
a9:2e:e6:5d:cb:ca:aa:5a:f2:85:e6:52:07:68:31:39
14:84:0b:89:cf:a4:a8:70:da:5a:51:83:22:27:d2:5e
a6:07:44:79:7b:02:28:b3:72:19:d6:1c:58:b9:f9:f0
70:e3:ec:5c:42:15:78:0e:53:13:b5:56:55:25:fa:af
22:31:f0:43:ec:5a:e6:6e:1c:e3:b1:1c:e9:06:2d:39
cb:d1:b1:95:89:24:74:3c:75:57:56:f3:36:95:1b:06
4e:67:06:d5:fa:a9:73:71:3f:39:48:f7:1a:39:6a:07
79:4f:5d:e1:6a:74:33:2e:d7:1c:22:9a:c2:d2:41:9a
9b:31:73:14:ba:85:59:b5:48:99:9a:58:11:05:62:f4
b3
Exponent (bits 24):
01:00:01
Extensions:
Basic Constraints (critical):
Certificate Authority (CA): FALSE
Subject Alternative Name (not critical):
RFC822Name: testcert@example.org
Key Usage (critical):
Digital signature.
Key encipherment.
Subject Key Identifier (not critical):
0320b232594869228d88575868c0b5a6cd0ff963
Authority Key Identifier (not critical):
2ca0f2260aede7a30019ccc81dbf836bef78a80f
Other Information:
Public Key ID:
sha1:0320b232594869228d88575868c0b5a6cd0ff963
sha256:faff364280bb8f740f47b2a85e360a224202e307e37b8b5bd069e60f3b5cc1a5
Public Key PIN:
pin-sha256:+v82QoC7j3QPR7KoXjYKIkIC4wfje4tb0GnmDztcwaU=
Signing certificate...
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testRsaPssCert.crt --type=cert --id=0010 --label=
testRsaPssCert
+ RSAPSSBASEURIWITHPINVALUE='pkcs11:id=%00%10?pin-value=12345678'
+ RSAPSSBASEURIWITHPINSOURCE='pkcs11:id=%00%10?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt'
+ RSAPSSBASEURI=pkcs11:id=%00%10
+ RSAPSSPUBURI='pkcs11:type=public;id=%00%10'
+ RSAPSSPRIURI='pkcs11:type=private;id=%00%10'
+ RSAPSSCRTURI='pkcs11:type=cert;object=testRsaPssCert'
+ title LINE 'RSA-PSS PKCS11 URIS'
+ case "$1" in
+ shift 1
+ echo 'RSA-PSS PKCS11 URIS'
+ echo 'pkcs11:id=%00%10?pin-value=12345678'
+ echo 'pkcs11:id=%00%10?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt'
+ echo pkcs11:id=%00%10
+ echo 'pkcs11:type=public;id=%00%10'
+ echo 'pkcs11:type=private;id=%00%10'
+ echo 'pkcs11:type=cert;object=testRsaPssCert'
+ echo ''
+ KEYID=0011
+ URIKEYID=%00%11
+ TSTCRTN=testRsaPss2Cert
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:3092 --label=testRsaPss2Cert --id=0011 --allowed-mechanisms SHA256-RSA-PKCS-PSS
+ ca_sign testRsaPss2Cert 'My RsaPss2 Cert' 0011 --sign-params=RSA-PSS --hash=SHA256
+ LABEL=testRsaPss2Cert
+ CN='My RsaPss2 Cert'
+ KEYID=0011
+ shift 3
+ (( SERIAL+=1 ))
+ sed -e 's|cn = .*|cn = My RsaPss2 Cert|g' -e 's|serial = .*|serial = 12|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg
+ /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testRsaPss2Cert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg
--provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testRsaPss2Cert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testRsaPss2Cert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/
reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' --sign-params=RSA-PSS --hash=SHA256
Generating a signed certificate...
Expiration time: Sun Apr 12 10:06:38 2026
CA expiration time: Sun Apr 12 10:06:36 2026
Warning: The time set exceeds the CA's expiration time
X.509 Certificate Information:
Version: 3
Serial Number (hex): 0c
Validity:
Not Before: Sat Apr 12 10:06:38 UTC 2025
Not After: Sun Apr 12 10:06:38 UTC 2026
Subject: CN=My RsaPss2 Cert,O=PKCS11 Provider
Subject Public Key Algorithm: RSA
Algorithm Security Level: High (3092 bits)
Modulus (bits 3092):
0b:ad:2e:1b:cd:79:ea:5d:96:08:73:ec:d4:79:c6:6e
f6:e0:87:bd:7f:81:b7:10:4b:c0:a0:40:6e:e6:d3:43
22:81:24:12:cb:9e:01:9e:7c:1e:2c:7b:63:ea:71:f9
05:7e:f8:61:09:d2:05:2b:80:65:28:fa:7e:8e:ee:33
f3:98:03:57:f0:c1:47:d5:5a:12:7a:2f:84:88:75:07
c0:e8:7c:f1:c1:fa:b0:24:95:ce:9c:39:ba:90:17:4a
99:98:40:3a:25:6d:a3:d3:21:1d:00:23:d2:8e:58:45
14:89:d1:c5:61:33:87:8f:28:69:49:e3:43:6b:7e:a9
99:84:f5:4e:49:3f:4f:47:89:5a:eb:f8:9d:12:f3:5a
5b:b3:cc:7d:47:e8:3a:5f:c5:fb:61:df:a0:fa:76:95
f0:fe:e7:8c:98:74:68:25:1e:03:6a:05:02:d4:e7:6c
54:f8:aa:89:9f:ed:41:18:51:a4:de:95:3c:e9:4f:97
53:ac:88:d2:fe:cd:d4:80:ed:84:7d:90:87:8d:49:a6
26:37:a9:5b:68:85:94:9d:3d:2d:39:6e:88:fa:53:b8
69:75:d7:1d:6f:5b:4f:b8:e8:90:ce:f9:3c:1f:f3:5e
28:21:bd:95:76:de:f5:2e:f2:5a:31:ca:4e:b4:91:a3
bd:c7:ec:6c:d6:78:8d:f8:2e:17:e9:54:2d:e7:29:07
42:77:e2:ff:35:1f:63:b1:04:d7:55:36:19:63:cb:8c
6b:be:b7:97:57:ed:4e:30:17:c8:39:e4:15:97:b1:88
ab:95:d2:40:87:e6:bc:02:73:a9:86:15:ee:91:46:b5
b8:96:29:f3:b8:96:ff:cc:90:70:71:36:a0:8a:6e:80
05:b9:9b:3f:23:61:8b:64:82:09:36:ea:44:d5:dd:2b
51:dc:9d:4c:62:db:b1:9a:4f:fd:39:dc:ce:7d:7f:f2
1e:64:bc:71:95:24:c7:2d:ae:e5:1f:92:b7:72:75:26
e4:19:c5
Exponent (bits 24):
01:00:01
Extensions:
Basic Constraints (critical):
Certificate Authority (CA): FALSE
Subject Alternative Name (not critical):
RFC822Name: testcert@example.org
Key Usage (critical):
Digital signature.
Key encipherment.
Subject Key Identifier (not critical):
67ed909e346c4393ab159546de2e20b248e86ebf
Authority Key Identifier (not critical):
2ca0f2260aede7a30019ccc81dbf836bef78a80f
Other Information:
Public Key ID:
sha1:67ed909e346c4393ab159546de2e20b248e86ebf
sha256:1b26296d2c78940ca8fe5c1ae4e5684c471fc730e069383434882c6a4d247fd4
Public Key PIN:
pin-sha256:GyYpbSx4lAyo/lwa5OVoTEcfxzDgaTg0NIgsak0kf9Q=
Signing certificate...
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testRsaPss2Cert.crt --type=cert --id=0011 --label=
testRsaPss2Cert
+ RSAPSS2BASEURIWITHPINVALUE='pkcs11:id=%00%11?pin-value=12345678'
+ RSAPSS2BASEURIWITHPINSOURCE='pkcs11:id=%00%11?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt'
+ RSAPSS2BASEURI=pkcs11:id=%00%11
+ RSAPSS2PUBURI='pkcs11:type=public;id=%00%11'
+ RSAPSS2PRIURI='pkcs11:type=private;id=%00%11'
+ RSAPSS2CRTURI='pkcs11:type=cert;object=testRsaPss2Cert'
+ title LINE 'RSA-PSS 2 PKCS11 URIS'
+ case "$1" in
+ shift 1
+ echo 'RSA-PSS 2 PKCS11 URIS'
+ echo 'pkcs11:id=%00%11?pin-value=12345678'
+ echo 'pkcs11:id=%00%11?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt'
+ echo pkcs11:id=%00%11
+ echo 'pkcs11:type=public;id=%00%11'
+ echo 'pkcs11:type=private;id=%00%11'
+ echo 'pkcs11:type=cert;object=testRsaPss2Cert'
+ echo ''
+ title PARA 'Show contents of softhsm token'
+ case "$1" in
+ shift 1
+ echo ''
+ echo '## Show contents of softhsm token'
+ '[' -f '' ']'
+ echo ' ----------------------------------------------------------------------------------------------------'
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' -O
+ echo ' ----------------------------------------------------------------------------------------------------'
+ title PARA 'Output configurations'
+ case "$1" in
+ shift 1
+ echo ''
+ echo '## Output configurations'
+ '[' -f '' ']'
+ OPENSSL_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/openssl.cnf
+ title LINE 'Generate openssl config file'
+ case "$1" in
+ shift 1
+ echo 'Generate openssl config file'
+ sed -e 's|@libtoollibs@|/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/src|g' -e 's|@testsblddir@|/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests|g' -e 's|@testsdir@|/build/reproducible-path/pkcs11-provider-
1.0/obj-x86_64-linux-gnu/tests/softhsm|g' -e 's|@SHARED_EXT@|.so|g' -e 's|@PINFILE@|/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt|g' -e 's|##TOKENOPTIONS|\npkcs11-module-quirks = no-deinit no-operation-state|
g' /build/reproducible-path/pkcs11-provider-1.0/tests/openssl.cnf.in
+ title LINE 'Export test variables to /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testvars'
+ case "$1" in
+ shift 1
+ echo 'Export test variables to /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testvars'
+ cat
+ '[' -n pkcs11:id=%00%04 ']'
+ cat
+ '[' -n pkcs11:id=%00%09 ']'
+ cat
+ '[' -n '' ']'
+ '[' -n pkcs11:id=%00%10 ']'
+ cat
+ cat
+ gen_unsetvars
+ grep '^export' /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testvars
+ sed -e s/export/unset/ -e 's/=.*$//'
+ title ENDSECTION
+ case "$1" in
+ echo ''
+ echo ' ##'
+ echo '########################################'
+ echo '' ==============================================================================
==================================== 3/92 ====================================
test: pkcs11-provider:kryoptic / setup
start time: 10:06:38
duration: 0.03s
result: exit status 0
command: TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 P11KITCLIENTPATH=/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-client.so LIBSPATH=/build/
reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/src TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=228 MESON_TEST_ITERATION=1
UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 SHARED_EXT=.so SOFTOKNPATH=/usr/lib/x86_64-linux-gnu /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh kryoptic
----------------------------------- stdout -----------------------------------
########################################
## Searching for Kryoptic module
skipped: Unable to find kryoptic PKCS#11 library ----------------------------------- stderr -----------------------------------
+ source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh
++ : /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests ++ helper_emit=1
++ sed --version
++ grep -q 'GNU sed'
++ sed_inplace=('-i')
++ export sed_inplace
+ '[' 1 -ne 1 ']'
+ TOKENTYPE=kryoptic
+ SUPPORT_ED25519=1
+ SUPPORT_ED448=1
+ SUPPORT_RSA_PKCS1_ENCRYPTION=1
+ SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1
+ SUPPORT_TLSFUZZER=1
+ SUPPORT_ALLOWED_MECHANISMS=0
++ opensc-tool -i
++ grep OpenSC
++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/'
Failed to establish context: Unable to load external module
+ OPENSC_VERSION=26
+ [[ 26 -le 25 ]]
+ [[ '' = \1 ]]
++ cat /proc/sys/crypto/fips_enabled
+ [[ 0 = \1 ]]
+ TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic
+ TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic/tokens
+ '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic ']'
+ mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic
+ mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic/tokens
+ PINVALUE=12345678
+ PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic/pinfile.txt
+ echo 12345678
+ export GNUTLS_PIN=12345678
+ GNUTLS_PIN=12345678
+ '[' kryoptic == softhsm ']'
+ '[' kryoptic == softokn ']'
+ '[' kryoptic == kryoptic ']'
+ source /build/reproducible-path/pkcs11-provider-1.0/tests/kryoptic-init.sh ++ title SECTION 'Searching for Kryoptic module'
++ case "$1" in
++ shift 1
++ echo '########################################'
++ echo '## Searching for Kryoptic module'
++ echo ''
++ find_kryoptic /target/debug/libkryoptic_pkcs11.so /target/release/libkryoptic_pkcs11.so /usr/local/lib/kryoptic/libkryoptic_pkcs11so /usr/lib64/pkcs11/libkryoptic_pkcs11.so /usr/lib/pkcs11/libkryoptic_pkcs11.so /usr/lib/x86_64-linux-gnu/kryoptic/
libkryoptic_pkcs11.so
++ for _lib in "$@"
++ test -f /target/debug/libkryoptic_pkcs11.so
++ for _lib in "$@"
++ test -f /target/release/libkryoptic_pkcs11.so
++ for _lib in "$@"
++ test -f /usr/local/lib/kryoptic/libkryoptic_pkcs11so
++ for _lib in "$@"
++ test -f /usr/lib64/pkcs11/libkryoptic_pkcs11.so
++ for _lib in "$@"
++ test -f /usr/lib/pkcs11/libkryoptic_pkcs11.so
++ for _lib in "$@"
++ test -f /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so
++ echo 'skipped: Unable to find kryoptic PKCS#11 library'
++ exit 0 ==============================================================================
==================================== 4/92 ====================================
test: pkcs11-provider:kryoptic.nss / setup
start time: 10:06:38
duration: 0.03s
result: exit status 0
command: MALLOC_PERTURB_=131 TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 P11KITCLIENTPATH=/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-client.so
LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/src TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 UBSAN_
OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 SHARED_EXT=.so SOFTOKNPATH=/usr/lib/x86_64-linux-gnu /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh kryoptic.nss
----------------------------------- stdout -----------------------------------
########################################
## Searching for Kryoptic module
skipped: Unable to find kryoptic PKCS#11 library ----------------------------------- stderr -----------------------------------
+ source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh
++ : /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests ++ helper_emit=1
++ sed --version
++ grep -q 'GNU sed'
++ sed_inplace=('-i')
++ export sed_inplace
+ '[' 1 -ne 1 ']'
+ TOKENTYPE=kryoptic.nss
+ SUPPORT_ED25519=1
+ SUPPORT_ED448=1
+ SUPPORT_RSA_PKCS1_ENCRYPTION=1
+ SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1
+ SUPPORT_TLSFUZZER=1
+ SUPPORT_ALLOWED_MECHANISMS=0
++ opensc-tool -i
++ grep OpenSC
++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/'
Failed to establish context: Unable to load external module
+ OPENSC_VERSION=26
+ [[ 26 -le 25 ]]
+ [[ '' = \1 ]]
++ cat /proc/sys/crypto/fips_enabled
+ [[ 0 = \1 ]]
+ TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic.nss
+ TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic.nss/tokens
+ '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic.nss ']'
+ mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic.nss
+ mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic.nss/tokens
+ PINVALUE=12345678
+ PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic.nss/pinfile.txt
+ echo 12345678
+ export GNUTLS_PIN=12345678
+ GNUTLS_PIN=12345678
+ '[' kryoptic.nss == softhsm ']'
+ '[' kryoptic.nss == softokn ']'
+ '[' kryoptic.nss == kryoptic ']'
+ '[' kryoptic.nss == kryoptic.nss ']'
+ source /build/reproducible-path/pkcs11-provider-1.0/tests/kryoptic.nss-init.sh
++ export KRYOPTIC_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic.nss/kryoptic.conf
++ KRYOPTIC_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic.nss/kryoptic.conf
++ cat
++ export 'TOKENLABEL=Kryoptic Soft Token'
++ TOKENLABEL='Kryoptic Soft Token'
++ export TOKENLABELURI=Kryoptic%20Soft%20Token
++ TOKENLABELURI=Kryoptic%20Soft%20Token
++ source /build/reproducible-path/pkcs11-provider-1.0/tests/kryoptic-init.sh +++ title SECTION 'Searching for Kryoptic module'
+++ case "$1" in
+++ shift 1
+++ echo '########################################'
+++ echo '## Searching for Kryoptic module'
+++ echo ''
+++ find_kryoptic /target/debug/libkryoptic_pkcs11.so /target/release/libkryoptic_pkcs11.so /usr/local/lib/kryoptic/libkryoptic_pkcs11so /usr/lib64/pkcs11/libkryoptic_pkcs11.so /usr/lib/pkcs11/libkryoptic_pkcs11.so /usr/lib/x86_64-linux-gnu/kryoptic/
libkryoptic_pkcs11.so
+++ for _lib in "$@"
+++ test -f /target/debug/libkryoptic_pkcs11.so
+++ for _lib in "$@"
+++ test -f /target/release/libkryoptic_pkcs11.so
+++ for _lib in "$@"
+++ test -f /usr/local/lib/kryoptic/libkryoptic_pkcs11so
+++ for _lib in "$@"
+++ test -f /usr/lib64/pkcs11/libkryoptic_pkcs11.so
+++ for _lib in "$@"
+++ test -f /usr/lib/pkcs11/libkryoptic_pkcs11.so
+++ for _lib in "$@"
+++ test -f /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so
+++ echo 'skipped: Unable to find kryoptic PKCS#11 library'
+++ exit 0 ==============================================================================
==================================== 5/92 ====================================
test: pkcs11-provider:softokn / basic
start time: 10:06:39
duration: 0.02s
result: exit status 77
command: TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests ASAN_OPTIONS=
halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=187 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-softokn.t
==============================================================================
==================================== 6/92 ====================================
test: pkcs11-provider:softhsm / basic
start time: 10:06:39
duration: 5.10s
result: exit status 0
command: TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=236 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/
tests ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-softhsm.t
----------------------------------- stdout -----------------------------------
Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tbasic
## Raw Sign check error
openssl
pkeyutl -sign -inkey "${BASEURI}"
-pkeyopt pad-mode:none
-in ${TMPPDIR}/64Brandom.bin
-out ${TMPPDIR}/raw-sig.bin
Public Key operation error
40E7F092A47F0000:error:0200007A:rsa routines:p11prov_sig_operate:data too small for key size:../src/signature.c:971:
## Sign and Verify with provided Hash and RSA
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)