Invalid engine "zymkey_ssl" issue

HSM6
1

Hello,

I recently bought the HSM 6 and am having an issue with creating a CSR using OpenSSL.
The HSM 6 works fine and I have been able to create a key pair in slot 16.

The thing is I now want to create a CSR and sign it using this private key I stored in slot 16. But when I run the command, I always got that “Invalid engine ‘zymkey_ssl’” issue.

$ ZK_SSL_SLOT=16 openssl req -key bogus.key -new -out myCert.csr -engine zymkey_ssl -keyform e
Invalid engine "zymkey_ssl"
4090218F7F000000:error:12800067:DSO support routines:dlfcn_load:could not load the shared library:../crypto/dso/dso_dlfcn.c:118:filename(/usr/lib/aarch64-linux-gnu/engines-3/zymkey_ssl.so): /usr/lib/aarch64-linux-gnu/engines-3/zymkey_ssl.so: cannot open shared object file: No such file or directory
4090218F7F000000:error:12800067:DSO support routines:DSO_load:could not load the shared library:../crypto/dso/dso_lib.c:152:
4090218F7F000000:error:13000084:engine routines:dynamic_load:dso not found:../crypto/engine/eng_dyn.c:442:
4090218F7F000000:error:13000074:engine routines:ENGINE_by_id:no such engine:../crypto/engine/eng_list.c:433:id=zymkey_ssl
4090218F7F000000:error:12800067:DSO support routines:dlfcn_load:could not load the shared library:../crypto/dso/dso_dlfcn.c:118:filename(libzymkey_ssl.so): libzymkey_ssl.so: cannot open shared object file: No such file or directory
4090218F7F000000:error:12800067:DSO support routines:DSO_load:could not load the shared library:../crypto/dso/dso_lib.c:152:
4090218F7F000000:error:13000084:engine routines:dynamic_load:dso not found:../crypto/engine/eng_dyn.c:442:
No engine specified for loading private key
No filename or uri specified for loading
 private key

I am using the following Openssl version :

$ openssl version
OpenSSL 3.0.11 19 Sep 2023 (Library: OpenSSL 3.0.11 19 Sep 2023)

And the following Raspbian version :

$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 12 (bookworm)
Release:        12
Codename:       bookworm

Thank a lot to anyone who could help me !

2

OK guys, I found what was the problem. I’m witting this in case of someone is experiencing the same problem as me.

Changing OpenSSL version and Curl was useless for me, so 2017 posts are a bit too old and not useful anymore.

So :
First, run this command to find were is the libzymkey_ssl.so library installed on your system :
sudo find / -name libzymkey_ssl.so
The command returned this for me :
/opt/libzymkeyssl/libzymkey_ssl.so

Then you have to copy this file into the OpenSSL engine-3 directory :
$ cp /opt/libzymkeyssl/libzymkey_ssl.so /usr/lib/aarch64-linux-gnu/engines-3/zymkey_ssl.so
This is where OpenSSL searches when you provide a -engine argument.

Then you can run your command using the Zymkey engine !

If anyone knows where I was supposed to find about this in the documentation, please tell me !

3

We have updated the libzymkeyssl package post-install script to take into account openssl1.1 and openssl3. New version is 1.0.11. libzymkey_ssl.so will now be copied to the proper engine location for all currently supported OS versions.

1 Like