I had to start with a fresh copy of the OS (latest Raspbian) on my Raspberry Pi 3, and I followed the getting started guide (following the raspi-config tutorial to enable i2c, etc). It was flashing once every 3 seconds like it should, so I proceeded with the steps for AWS IoT Just In Time Registration and when I got to here I got stuck:
When I attempt to run the command, I get the following errors:
I’ve noticed now that the blue LED does not flash anymore except when I reboot the Raspberry Pi. Any idea what’s going on here?
Edit: I followed procedure to enable I2C again and now it’s flashing once every 3 seconds again. However, the issue invalid engine “zymkey_ssl” persists.
Thanks for bringing this issue to our attention. The problem is that the newest version of Raspbian (Stretch) uses OpenSSL 1.1, which our engine needs to be updated for. For now the solution is to uninstall OpenSSL, and reinstall version 1.0.1t which is the last version of Raspbian (Jessie) uses. Here’s how to do this.
First let’s make sure you there was no issue when you were installing Zymkey. If the lights are flashing periodically, it should be good, but lets try a simpe test.
On the command line open up Python, with the command python. Then try the following code:
This should return a bytearray that the Zymkey has signed. If this works we can move onto OpenSSL.
First, let’s uninstall your current version.
sudo apt-get remove openssl
Now we will switch to the Jessie repository to install OpenSSL 1.0.1t. Open up the repo file with this command.
That got me to the next stage. but now I think I’m having the same issue with Curl?
Also, I am still having the issue that after about 30 minutes, the Zymkey will suddenly go from flashing once every 3 seconds to I think 4 rapid flashes, then it quits flashing until I reboot. Any ideas on troubleshooting that?
We have seen similar erratic problems when their is insufficient power to the Pi (known issue on the Pi , nothing to do with Zymkey). To isolate this as a potential cause, can you confirm the Amp rating on the 5V supply you are using ? It needs to be 2A or more to ensure reliable operation of the Pi.
Has this issue been resolved? I’m still receiving the original issue (invalid engine “zymkey_ssl”). I have tried both downgrading openssl to 1.0.1t and with openssl 1.1.0 with no successful results. I have followed all the instructions above and have had no luck getting the zymkey_ssl engine to work with openssl. I’ll be the first to say, it could vary well be a configuration issue on my end but have run out of ideas on how to troubleshoot further. Please advise. Really enjoying the product otherwise!
Hi, I am going through the same problem described above, I am using Raspberry pi3+, with ‘stretch’ and original 5V,2.5A raspberry pi power supply. I will briefly describe what I have tried:
I tried to downgrade the OpenSSL to 1.0.1, but it throw same error
sudo apt-get update .sudo apt-get upgrade with Stretch OpenSSL 1.1, but same error as before.
What other things should I look into?
Just to remove confusion,
I am getting ‘Invalid engine Zymkey-ssl’ error when I am trying to run the code for [AWS IoT - Signed Temperature Sensor Data using Zymkey 4i ]. I have reached the step where we create CA key and certificate, but then when I run the code ‘main.py’, It asks me for the location of certificate and key, but after that, it just simply throw [Invalid engine “zymkey_ssl”] error.
Zymkey is working fine, no binding issue as such.
Thank you for your help.
I think your problem is with the version of curl that is provided in the Raspbian Stretch repository. For some reason, the Raspbian team decided to statically link OpenSSL v1.0.2 instead of dynamically linking to the version that is provided as part of Stretch. OpenSSL did some significant refactoring from v1.0.2 to v1.1.0 in the area of Eliptical Curve accelerator plugin libraries. We chose to eventually support v1.1 in the end.
This means that you have two choices here:
You could build curl yourself and uninstall the standard curl package in the Stretch repo.
You could upgrade to Buster, where I believe curl will just work out of the box.