Invalid engine "zymkey_ssl"


#1

Hello,

I had to start with a fresh copy of the OS (latest Raspbian) on my Raspberry Pi 3, and I followed the getting started guide (following the raspi-config tutorial to enable i2c, etc). It was flashing once every 3 seconds like it should, so I proceeded with the steps for AWS IoT Just In Time Registration and when I got to here I got stuck:

When I attempt to run the command, I get the following errors:

I’ve noticed now that the blue LED does not flash anymore except when I reboot the Raspberry Pi. Any idea what’s going on here?

Edit: I followed procedure to enable I2C again and now it’s flashing once every 3 seconds again. However, the issue invalid engine “zymkey_ssl” persists.


#2

After about 10 minutes the blue LED stops flashing completely. When I reboot, it starts working again. Also, I am getting this message as well…


#3

Thanks for bringing this issue to our attention. The problem is that the newest version of Raspbian (Stretch) uses OpenSSL 1.1, which our engine needs to be updated for. For now the solution is to uninstall OpenSSL, and reinstall version 1.0.1t which is the last version of Raspbian (Jessie) uses. Here’s how to do this.

First let’s make sure you there was no issue when you were installing Zymkey. If the lights are flashing periodically, it should be good, but lets try a simpe test.

On the command line open up Python, with the command python. Then try the following code:

import zymkey

zymkey.client.sign('hello world!')

This should return a bytearray that the Zymkey has signed. If this works we can move onto OpenSSL.

  1. First, let’s uninstall your current version.

    sudo apt-get remove openssl
    
  2. Now we will switch to the Jessie repository to install OpenSSL 1.0.1t. Open up the repo file with this command.

    sudo nano /etc/apt/sources.list
    

    Change the word stretch to jessie. The link should look like this
    deb http://mirrordirector.raspbian.org/raspbian/ jessie main contrib non-free rpi
    Press ctrl-O then ctrl-M to save.

  3. Now update your repo info.

    sudo apt-get update
    
  4. At this point you can reinstall OpenSSL.

    sudo apt-get install openssl
    
  5. If everything was done correctly, your OpenSSL version should be 1.0.1t. You can check it with this command:

    openssl version
    
  6. Next we will change you back to the Raspbian Stretch repos. Change /etc/apt/sources.list back to stretch.

  7. Finally we will tell OpenSSL to not update past this version, re-update your repo info and then reboot.

    sudo apt-mark hold openssl
    sudo apt-get update
    sudo reboot
    

If you have any other issues, feel free to let us know!


#4

That got me to the next stage. but now I think I’m having the same issue with Curl?

Also, I am still having the issue that after about 30 minutes, the Zymkey will suddenly go from flashing once every 3 seconds to I think 4 rapid flashes, then it quits flashing until I reboot. Any ideas on troubleshooting that?


#5

We have seen similar erratic problems when their is insufficient power to the Pi (known issue on the Pi , nothing to do with Zymkey). To isolate this as a potential cause, can you confirm the Amp rating on the 5V supply you are using ? It needs to be 2A or more to ensure reliable operation of the Pi.


#6

Hey Phil,

The power supply is powering the Pi via the GPIO header, so the Zymkey is being powered from the same supply. It is capable of supplying 2.5 amps on the 5v ‘rail’.


#7

Hey Inov.

Sounds like the power supply arrangement is fine. One more HW question - do you have anything else on the I2C bus?

(Jacky will respond on possible software options under seperate post).


#8

There is a RTC on the I2C bus that is not currently used, but is showing up as /dev/rtc0


#9

Thanks Inov,

That might cause some issues if not set up correctly.


#10

I will disconnect the other hardware and report back.


#11

Hello,

Has this issue been resolved? I’m still receiving the original issue (invalid engine “zymkey_ssl”). I have tried both downgrading openssl to 1.0.1t and with openssl 1.1.0 with no successful results. I have followed all the instructions above and have had no luck getting the zymkey_ssl engine to work with openssl. I’ll be the first to say, it could vary well be a configuration issue on my end but have run out of ideas on how to troubleshoot further. Please advise. Really enjoying the product otherwise!


#12

You should be able to use native Stretch OpenSSL 1.1 support now if you update and upgrade the zymbit packages:
sudo apt-get update
sudo apt-get upgrade