Hi,
I'm running the PKCS#11 PubSub sample from the AWS IoT Device SDK v2 and get runtime error 1076.
I first checked my keys and certificates with the plain PubSub sample (i.e. without PKCS#11); all is working fine:
python3 aws-iot-device-sdk-python-v2/samples/pubsub.py --endpoint <myendpoint> --root-ca ./Certificates/SFSRootCAG2.pem --cert ./Certificates/deviceCert.pem --key ./Certificates/deviceKey.pem
I then installed SoftHSM and imported my device key; all is OK (output from pkcs11-tool):
Available slots:
Slot 0 (0x5f3dbf83): SoftHSM slot ID 0x5f3dbf83
token label : mytoken
token manufacturer : SoftHSM project
token model : SoftHSM v2
token flags : login required, rng, token initialized, PIN initialized, other flags=0x20
hardware version : 2.4
firmware version : 2.4
serial num : 78b981975f3dbf83
pin min/max : 4/255
Using slot 0 with a present token (0x5f3dbf83)
Public Key Object; EC EC_POINT 256 bits
EC_POINT: 044104b3100bc7f44c0f35b21b881720f7806536d9eec6ef32a6401ef676053b4567a19080f55e8f3e76523e7de573c3c69d17d1b3553068bb80de82d633045c421ebf
EC_PARAMS: 06082a8648ce3d030107
label: devicekey
ID: 5f3dbf83
Usage: verify
Private Key Object; EC
label: devicekey
ID: 5f3dbf83
Usage: sign
I then run the following:
python3 aws-iot-device-sdk-python-v2/samples/pkcs11_pubsub.py --endpoint <myendpoint> --root-ca ./Certificates/SFSRootCAG2.pem --cert ./Certificates/deviceCert.pem --pkcs11-lib /usr/lib/softhsm/libsofthsm2.so --pin 123456 --token-label mytoken --key-label devicekey
Loading PKCS#11 library '/usr/lib/softhsm/libsofthsm2.so' ...
Loaded!
Traceback (most recent call last):
  File "aws-iot-device-sdk-python-v2/samples/pkcs11_pubsub.py", line 100, in <module>
    keep_alive_secs=30)
  File "/home/pi/.local/lib/python3.7/site-packages/awsiot/mqtt_connection_builder.py", line 304, in mtls_with_pkcs11
    return _builder(tls_ctx_options, **kwargs)
  File "/home/pi/.local/lib/python3.7/site-packages/awsiot/mqtt_connection_builder.py", line 189, in _builder
    tls_ctx = awscrt.io.ClientTlsContext(tls_ctx_options)
  File "/home/pi/.local/lib/python3.7/site-packages/awscrt/io.py", line 511, in __init__
    options._pkcs11_cert_file_contents,
RuntimeError: 1076 (AWS_ERROR_PKCS11_KEY_TYPE_UNSUPPORTED): PKCS#11 key type not supported
Note that I'm using P-256 keys. Could that be the issue, i.e. that ECC keys are not supported when using PKCS#11?
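Added example (not from the original post or the AWS IoT SDK): a small Python decoder for the EC_PARAMS and EC_POINT attributes that pkcs11-tool printed above, which confirms from the token's own data that the object is an EC key on P-256 (the key type the error names as unsupported). The P-384 and P-521 OID entries are my additions for generality; only the P-256 OID appears in the post.

```python
# Added diagnostic, not part of the AWS IoT SDK or the original post: decode the
# EC_PARAMS / EC_POINT attributes that `pkcs11-tool --list-objects` printed, to
# confirm which key type (and curve) the token holds before the SDK ever sees it.
from typing import Dict, Tuple

# Named-curve OIDs (RFC 5480); only the P-256 entry appears in the post.
CURVE_OIDS = {"1.2.840.10045.3.1.7": "prime256v1 (P-256)",
              "1.3.132.0.34": "secp384r1 (P-384)", "1.3.132.0.35": "secp521r1 (P-521)"}

# Attribute values copied from the pkcs11-tool output above.
EC_PARAMS_HEX = "06082a8648ce3d030107"
EC_POINT_HEX = ("044104b3100bc7f44c0f35b21b881720f7806536d9eec6ef32a6401ef676053b4567a1"
                "9080f55e8f3e76523e7de573c3c69d17d1b3553068bb80de82d633045c421ebf")

def decode_oid(der_hex: str) -> str:
    """Decode a DER OBJECT IDENTIFIER (tag 0x06) into dotted notation."""
    data = bytes.fromhex(der_hex)
    if len(data) < 3 or data[0] != 0x06 or data[1] != len(data) - 2:
        raise ValueError("EC_PARAMS is not a single DER OID (named curve expected)")
    body = data[2:]
    arcs = [body[0] // 40, body[0] % 40]   # first byte packs the first two arcs
    value = 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)  # base-128 arcs, high bit = continue
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)

def decode_ec_point(der_hex: str) -> Tuple[int, int]:
    """Unwrap the DER OCTET STRING and return (x, y) of an uncompressed point."""
    data = bytes.fromhex(der_hex)
    if len(data) < 3 or data[0] != 0x04 or data[1] != len(data) - 2:
        raise ValueError("EC_POINT is not a single DER OCTET STRING")
    point = data[2:]
    if point[0] != 0x04 or len(point) % 2 == 0:
        raise ValueError("only uncompressed points (0x04 || X || Y) are handled")
    half = (len(point) - 1) // 2
    return (int.from_bytes(point[1:1 + half], "big"),
            int.from_bytes(point[1 + half:], "big"))

def describe_ec_key(ec_params_hex: str = EC_PARAMS_HEX,
                    ec_point_hex: str = EC_POINT_HEX) -> Dict[str, object]:
    """Summarise the public key the token exposes (CKK_EC by construction)."""
    oid = decode_oid(ec_params_hex)
    x, y = decode_ec_point(ec_point_hex)
    return {"key_type": "CKK_EC", "curve": CURVE_OIDS.get(oid, oid),
            "field_bits": 8 * ((len(bytes.fromhex(ec_point_hex)) - 3) // 2),
            "x": x, "y": y}
```

If this reports a P-256 CKK_EC key and the SDK still raises AWS_ERROR_PKCS11_KEY_TYPE_UNSUPPORTED, the mismatch is between the key type and what the SDK's PKCS#11 path accepts, not in the token setup.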