Invalid engine "zymkey_ssl"?


#1

Just received my zymbit last week. Getting an error: invalid engine “zymkey_ssl” - there is only the raspberry pi and the zymbit running. All python calls work.

root@HS-2017090119:~# openssl req -key nonzymkey.key -new -out zymkey.csr -engine zymkey_ssl -keyform e -subj "/C=US/ST=California/L=Santa Barbara/O=Zymbit/OU=Zymkey/CN=rpi.edge.zymbit.com"
invalid engine "zymkey_ssl"
1996076448:error:25066067:DSO support routines:dlfcn_load:could not load the shared library:…/crypto/dso/dso_dlfcn.c:113:filename(/usr/lib/arm-linux-gnueabihf/engines-1.1/zymkey_ssl.so): /usr/lib/arm-linux-gnueabihf/engines-1.1/zymkey_ssl.so: cannot open shared object file: No such file or directory
1996076448:error:25070067:DSO support routines:DSO_load:could not load the shared library:…/crypto/dso/dso_lib.c:161:
1996076448:error:260B6084:engine routines:dynamic_load:dso not found:…/crypto/engine/eng_dyn.c:414:
1996076448:error:2606A074:engine routines:ENGINE_by_id:no such engine:…/crypto/engine/eng_list.c:339:id=zymkey_ssl
1996076448:error:25066067:DSO support routines:dlfcn_load:could not load the shared library:…/crypto/dso/dso_dlfcn.c:113:filename(libzymkey_ssl.so): libzymkey_ssl.so: cannot open shared object file: No such file or directory
1996076448:error:25070067:DSO support routines:DSO_load:could not load the shared library:…/crypto/dso/dso_lib.c:161:
1996076448:error:260B6084:engine routines:dynamic_load:dso not found:…/crypto/engine/eng_dyn.c:414:
no engine specified
unable to load Private Key


#2

Hi, I’ll be updating the Getting Started post today to reflect this information, but the problem is that Raspbian Stretch uses OpenSSL version 1.1 which is currently not supported by the Zymkey_SSL engine. The solution is to downgrade CURL and OpenSSL to the Raspbian Jessie versions. Here are instructions on how to do so.

Since your Zymkey functions work, let’s get straight to downgrading OpenSSL and CURL.

  1. First, let’s uninstall your current version.

    sudo apt-get remove openssl
    sudo apt-get remove curl rpi-update libcurl3
    
  2. Now we will switch to the Jessie repository to install OpenSSL 1.0.1t. Open up the repo file with this command.

    sudo nano /etc/apt/sources.list
    

    Change the word stretch to jessie. The link should look like this
    deb http://mirrordirector.raspbian.org/raspbian/ jessie main contrib non-free rpi
    Press ctrl-O then ctrl-M to save.

  3. Now update your repo info.

    sudo apt-get update
    
  4. At this point you can reinstall OpenSS and CURL.

    sudo apt-get install openssl
    sudo apt-get install curl rpi-update libcurl3
    
  5. If everything was done correctly, your OpenSSL version should be 1.0.1t. You can check it with this command:

    openssl version
    
  6. Next we will change you back to the Raspbian Stretch repos. Change /etc/apt/sources.list back to stretch.

  7. Finally we will tell OpenSSL to not update past this version, re-update your repo info and then reboot.

    sudo apt-mark hold openssl
    sudo apt-mark hold curl libcurl3
    sudo apt-get update
    sudo reboot
    

If you have any other issues, feel free to let us know!