[continued from previous message]
Public Key Object; RSA 2048 bits
label: caCert
ID: 0000
Usage: encrypt, verify, verifyRecover, wrap
Access: local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0000;object=caCert;type=public
Public Key Object; EC_EDWARDS EC_POINT 272 bits
EC_POINT: 04209d160e5d8797c5146f6f4727d518dd4e4f976bbbb488d7dcd9ab2141f6137cd2
EC_PARAMS: 130c656477617264733235353139 (PrintableString edwards25519)
label: edCert
ID: 0004
Usage: encrypt, verify, verifyRecover, wrap, derive
Access: local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0004;object=edCert;type=public
Private Key Object; EC_EDWARDS
label: ed2Cert
ID: 0009
Usage: decrypt, sign, signRecover, unwrap, derive
Access: sensitive, always sensitive, never extractable, local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=private
Certificate Object; type = X.509 cert
label: caCert
subject: DN: CN=Issuer
serial: 02
ID: 0000
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0000;object=caCert;type=cert
Private Key Object; RSA
label: testCert
ID: 0001
Usage: decrypt, sign, signRecover, unwrap
Access: sensitive, always sensitive, never extractable, local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0001;object=testCert;type=private
Certificate Object; type = X.509 cert
label: ecCert3
subject: DN: O=PKCS11 Provider, CN=My EC Cert 3
serial: 0A
ID: 0008
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=cert
Public Key Object; EC EC_POINT 256 bits
EC_POINT: 044104c1842e81b2469ee3cc032172505d1355731de7ef2f745fe90ee52b485c2b8c3c7cb528a5f4d1c5c5e945d41ecce396f4b648cad5650bc97365933a20d38afdbb
EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7)
label: ecCert
ID: 0002
Usage: encrypt, verify, verifyRecover, wrap, derive
Access: local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0002;object=ecCert;type=public
Certificate Object; type = X.509 cert
label: ed2Cert
subject: DN: O=PKCS11 Provider, CN=My ED448 Cert
serial: 07
ID: 0009
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=cert
Private Key Object; EC
label: ecCert2
ID: 0006
Usage: decrypt, sign, signRecover, unwrap, derive
Access: sensitive, always sensitive, never extractable, local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=private
Private Key Object; EC
label: ecCert
ID: 0002
Usage: decrypt, sign, signRecover, unwrap, derive
Access: sensitive, always sensitive, never extractable, local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0002;object=ecCert;type=private
Certificate Object; type = X.509 cert
label: edCert
subject: DN: O=PKCS11 Provider, CN=My ED25519 Cert
serial: 06
ID: 0004
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0004;object=edCert;type=cert
----------------------------------------------------------------------------------------------------
## Output configurations
Generate openssl config file
Export test variables to /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testvars
## ########################################
----------------------------------- stderr -----------------------------------
+ source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh
++ : /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests ++ helper_emit=1
++ sed --version
++ grep -q 'GNU sed'
++ sed_inplace=('-i')
++ export sed_inplace
+ '[' 1 -ne 1 ']'
+ TOKENTYPE=softhsm
+ SUPPORT_ED25519=1
+ SUPPORT_ED448=1
+ SUPPORT_RSA_PKCS1_ENCRYPTION=1
+ SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1
+ SUPPORT_TLSFUZZER=1
+ SUPPORT_ALLOWED_MECHANISMS=0
++ opensc-tool -i
++ grep OpenSC
++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/'
Failed to establish context: Unable to load external module
+ OPENSC_VERSION=26
+ [[ 26 -le 25 ]]
+ [[ '' = \1 ]]
++ cat /proc/sys/crypto/fips_enabled
+ [[ 0 = \1 ]]
+ TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm
+ TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/tokens
+ '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm ']'
+ mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm
+ mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/tokens
+ PINVALUE=12345678
+ PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt
+ echo 12345678
+ export GNUTLS_PIN=12345678
+ GNUTLS_PIN=12345678
+ '[' softhsm == softhsm ']'
+ source /build/reproducible-path/pkcs11-provider-1.0/tests/softhsm-init.sh ++ title SECTION 'Searching for SoftHSM PKCS#11 library'
++ case "$1" in
++ shift 1
++ echo '########################################'
++ echo '## Searching for SoftHSM PKCS#11 library'
++ echo ''
++ command -v softhsm2-util
+++++ type -p softhsm2-util
++++ dirname /usr/bin/softhsm2-util
+++ dirname /usr/bin
++ softhsm_prefix=/usr
++ find_softhsm /usr/lib64/softhsm/libsofthsm2.so /usr/lib/softhsm/libsofthsm2.so /usr/lib64/pkcs11/libsofthsm2.so /usr/lib/pkcs11/libsofthsm2.so /usr/local/lib/softhsm/libsofthsm2.so /usr/lib64/pkcs11/libsofthsm2.so /usr/lib/pkcs11/libsofthsm2.so /usr/
lib/x86_64-linux-gnu/softhsm/libsofthsm2.so
++ for _lib in "$@"
++ test -f /usr/lib64/softhsm/libsofthsm2.so
++ for _lib in "$@"
++ test -f /usr/lib/softhsm/libsofthsm2.so
++ echo 'Using softhsm path /usr/lib/softhsm/libsofthsm2.so'
++ P11LIB=/usr/lib/softhsm/libsofthsm2.so
++ return
++ export P11LIB
++ title SECTION 'Set up testing system'
++ case "$1" in
++ shift 1
++ echo '########################################'
++ echo '## Set up testing system'
++ echo ''
++ cat
++ export SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/softhsm.conf
++ SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/softhsm.conf
++ export 'TOKENLABEL=SoftHSM Token'
++ TOKENLABEL='SoftHSM Token'
++ export TOKENLABELURI=SoftHSM%20Token
++ TOKENLABELURI=SoftHSM%20Token
++ softhsm2-util --init-token --label 'SoftHSM Token' --free --pin 12345678 --so-pin 12345678
++ export 'TOKENOPTIONS=\npkcs11-module-quirks = no-deinit no-operation-state'
++ TOKENOPTIONS='\npkcs11-module-quirks = no-deinit no-operation-state'
++ export 'TOKENCONFIGVARS=export SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/softhsm.conf'
++ TOKENCONFIGVARS='export SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/softhsm.conf'
++ export TESTPORT=32000
++ TESTPORT=32000
++ export SUPPORT_ALLOWED_MECHANISMS=1
++ SUPPORT_ALLOWED_MECHANISMS=1
+ SEEDFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/noisefile.bin
+ dd if=/dev/urandom of=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/noisefile.bin bs=2048 count=1
+ RAND64FILE=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/64krandom.bin
+ dd if=/dev/urandom of=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/64krandom.bin bs=2048 count=32
++ uname
+ '[' Linux == Darwin ']'
++ type -p certtool
+ certtool=/usr/bin/certtool
+ '[' -z /usr/bin/certtool ']'
+ P11DEFARGS=("--module=${P11LIB}" "--login" "--pin=${PINVALUE}" "--token-label=${TOKENLABEL}")
+ cat
+ SERIAL=1
+ title LINE 'Creating new Self Sign CA'
+ case "$1" in
+ shift 1
+ echo 'Creating new Self Sign CA'
+ KEYID=0000
+ URIKEYID=%00%00
+ CACRTN=caCert
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=caCert --id=0000
+ crt_selfsign caCert Issuer 0000
+ LABEL=caCert
+ CN=Issuer
+ KEYID=0000
+ (( SERIAL+=1 ))
+ sed -e 's|cn = .*|cn = Issuer|g' -e 's|serial = .*|serial = 2|g' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cacert.cfg
+ /usr/bin/certtool --generate-self-signed --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cacert.cfg --
provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=caCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=caCert;token=SoftHSM%20Token;type=public' --outder
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --type=cert --id=0000 --label=caCert
+ CACRT_PEM=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem
+ CACRT=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt
+ openssl x509 -inform DER -in /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt -outform PEM -out /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem
+ CABASEURIWITHPINVALUE='pkcs11:id=%00%00?pin-value=12345678'
+ CABASEURIWITHPINSOURCE='pkcs11:id=%00%00?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt'
+ CABASEURI=pkcs11:id=%00%00
+ CAPUBURI='pkcs11:type=public;id=%00%00'
+ CAPRIURI='pkcs11:type=private;id=%00%00'
+ CACRTURI='pkcs11:type=cert;object=caCert'
+ title LINE 'RSA PKCS11 URIS'
+ case "$1" in
+ shift 1
+ echo 'RSA PKCS11 URIS'
+ echo 'pkcs11:id=%00%00?pin-value=12345678'
+ echo 'pkcs11:id=%00%00?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt'
+ echo pkcs11:id=%00%00
+ echo 'pkcs11:type=public;id=%00%00'
+ echo 'pkcs11:type=private;id=%00%00'
+ echo 'pkcs11:type=cert;object=caCert'
+ echo ''
+ cat /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cacert.cfg
+ echo 'organization = "PKCS11 Provider"'
+ sed -e '/^cert_signing_key$/d' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg
+ KEYID=0001
+ URIKEYID=%00%01
+ TSTCRTN=testCert
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=testCert --id=0001
+ ca_sign testCert 'My Test Cert' 0001
+ LABEL=testCert
+ CN='My Test Cert'
+ KEYID=0001
+ shift 3
+ (( SERIAL+=1 ))
+ sed -e 's|cn = .*|cn = My Test Cert|g' -e 's|serial = .*|serial = 3|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg
+ /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg --
provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-
provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private'
Generating a signed certificate...
X.509 Certificate Information:
Version: 3
Serial Number (hex): 03
Validity:
Not Before: Sat Apr 12 10:06:36 UTC 2025
Not After: Sun Apr 12 10:06:36 UTC 2026
Subject: CN=My Test Cert,O=PKCS11 Provider
Subject Public Key Algorithm: RSA
Algorithm Security Level: Medium (2048 bits)
Modulus (bits 2048):
00:c7:2e:8b:6f:33:8e:90:53:09:00:82:cb:12:36:4a
ef:5b:ae:3e:72:c4:a6:ff:71:c2:37:bb:d8:a9:3b:b6
02:75:ee:f0:55:53:e9:8c:26:73:5c:8c:d4:9a:aa:50
de:d9:1e:fb:66:32:04:78:ea:70:87:81:26:7b:c1:fb
12:ad:e8:ea:ba:b0:74:3a:20:a2:f8:e5:db:77:56:18
fc:2e:f7:3f:9f:23:85:58:e8:c9:99:e4:0b:24:62:6f
62:7f:a8:86:a5:88:43:80:64:ff:71:fd:44:3b:0b:b9
a9:b6:da:62:77:2e:51:cf:65:67:19:d8:90:06:c8:eb
e9:67:de:26:ad:57:05:5d:bc:1e:cc:29:0a:f2:41:28
04:24:7f:21:99:82:4f:b8:16:38:5a:d6:14:42:76:d4
9b:96:93:2a:fb:59:9d:31:69:a3:51:f4:ef:04:74:c6
41:21:92:78:b1:c0:03:98:88:83:9f:fa:d9:ed:41:90
f7:c7:c2:e9:17:02:25:47:d9:af:d4:86:d0:9a:c6:ce
fd:a8:bc:61:02:17:e1:9d:d6:88:53:93:64:15:f7:16
7f:1e:d5:77:d2:25:43:e6:c9:53:7d:aa:52:d3:b8:9a
db:cd:50:d1:ff:36:60:d4:29:81:0a:e0:bc:2b:85:fa
f1
Exponent (bits 24):
01:00:01
Extensions:
Basic Constraints (critical):
Certificate Authority (CA): FALSE
Subject Alternative Name (not critical):
RFC822Name: [email protected]
Key Usage (critical):
Digital signature.
Key encipherment.
Subject Key Identifier (not critical):
f4387cadeb044a4884e092700894ec1e7823581b
Authority Key Identifier (not critical):
2ca0f2260aede7a30019ccc81dbf836bef78a80f
Other Information:
Public Key ID:
sha1:f4387cadeb044a4884e092700894ec1e7823581b
sha256:9b9b4a7e4591c4478be16c853d62c1354178893017cbfc41840c0ad51755d780
Public Key PIN:
pin-sha256:m5tKfkWRxEeL4WyFPWLBNUF4iTAXy/xBhAwK1RdV14A=
Signing certificate...
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testCert.crt --type=cert --id=0001 --label=
testCert
+ BASEURIWITHPINVALUE='pkcs11:id=%00%01?pin-value=12345678'
+ BASEURIWITHPINSOURCE='pkcs11:id=%00%01?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt'
+ BASEURI=pkcs11:id=%00%01
+ PUBURI='pkcs11:type=public;id=%00%01'
+ PRIURI='pkcs11:type=private;id=%00%01'
+ CRTURI='pkcs11:type=cert;object=testCert'
+ title LINE 'RSA PKCS11 URIS'
+ case "$1" in
+ shift 1
+ echo 'RSA PKCS11 URIS'
+ echo 'pkcs11:id=%00%01?pin-value=12345678'
+ echo 'pkcs11:id=%00%01?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt'
+ echo pkcs11:id=%00%01
+ echo 'pkcs11:type=public;id=%00%01'
+ echo 'pkcs11:type=private;id=%00%01'
+ echo 'pkcs11:type=cert;object=testCert'
+ echo ''
+ KEYID=0002
+ URIKEYID=%00%02
+ ECCRTN=ecCert
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp256r1 --label=ecCert --id=0002
+ ca_sign ecCert 'My EC Cert' 0002
+ LABEL=ecCert
+ CN='My EC Cert'
+ KEYID=0002
+ shift 3
+ (( SERIAL+=1 ))
+ sed -e 's|cn = .*|cn = My EC Cert|g' -e 's|serial = .*|serial = 4|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg
+ /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ecCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg --
provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-
provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private'
Generating a signed certificate...
X.509 Certificate Information:
Version: 3
Serial Number (hex): 04
Validity:
Not Before: Sat Apr 12 10:06:36 UTC 2025
Not After: Sun Apr 12 10:06:36 UTC 2026
Subject: CN=My EC Cert,O=PKCS11 Provider
Subject Public Key Algorithm: EC/ECDSA
Algorithm Security Level: High (256 bits)
Curve: SECP256R1
X:
00:c1:84:2e:81:b2:46:9e:e3:cc:03:21:72:50:5d:13
55:73:1d:e7:ef:2f:74:5f:e9:0e:e5:2b:48:5c:2b:8c
3c
Y:
7c:b5:28:a5:f4:d1:c5:c5:e9:45:d4:1e:cc:e3:96:f4
b6:48:ca:d5:65:0b:c9:73:65:93:3a:20:d3:8a:fd:bb
Extensions:
Basic Constraints (critical):
Certificate Authority (CA): FALSE
Subject Alternative Name (not critical):
RFC822Name: [email protected]
Key Usage (critical):
Digital signature.
Subject Key Identifier (not critical):
bf8bd27305fe6a5d34be9b1aeef8867c71dbadb6
Authority Key Identifier (not critical):
2ca0f2260aede7a30019ccc81dbf836bef78a80f
Other Information:
Public Key ID:
sha1:bf8bd27305fe6a5d34be9b1aeef8867c71dbadb6
sha256:f142260438b66b786c0e91253f179a60d6223d2c8161323e6b8acb1692d47e50
Public Key PIN:
pin-sha256:8UImBDi2a3hsDpElPxeaYNYiPSyBYTI+a4rLFpLUflA=
Signing certificate...
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ecCert.crt --type=cert --id=0002 --label=ecCert
+ ECBASEURIWITHPINVALUE='pkcs11:id=%00%02?pin-value=12345678'
+ ECBASEURIWITHPINSOURCE='pkcs11:id=%00%02?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt'
+ ECBASEURI=pkcs11:id=%00%02
+ ECPUBURI='pkcs11:type=public;id=%00%02'
+ ECPRIURI='pkcs11:type=private;id=%00%02'
+ ECCRTURI='pkcs11:type=cert;object=ecCert'
+ KEYID=0003
+ URIKEYID=%00%03
+ ECPEERCRTN=ecPeerCert
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp256r1 --label=ecPeerCert --id=0003
+ crt_selfsign ecPeerCert 'My Peer EC Cert' 0003
+ LABEL=ecPeerCert
+ CN='My Peer EC Cert'
+ KEYID=0003
+ (( SERIAL+=1 ))
+ sed -e 's|cn = .*|cn = My Peer EC Cert|g' -e 's|serial = .*|serial = 5|g' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cacert.cfg
+ /usr/bin/certtool --generate-self-signed --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ecPeerCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cacert.cfg --
provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecPeerCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecPeerCert;token=SoftHSM%20Token;type=public' --outder
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ecPeerCert.crt --type=cert --id=0003 --label=
ecPeerCert
+ ECPEERBASEURIWITHPINVALUE='pkcs11:id=%00%03?pin-value=12345678'
+ ECPEERBASEURIWITHPINSOURCE='pkcs11:id=%00%03?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt'
+ ECPEERBASEURI=pkcs11:id=%00%03
+ ECPEERPUBURI='pkcs11:type=public;id=%00%03'
+ ECPEERPRIURI='pkcs11:type=private;id=%00%03'
+ ECPEERCRTURI='pkcs11:type=cert;object=ecPeerCert'
+ title LINE 'EC PKCS11 URIS'
+ case "$1" in
+ shift 1
+ echo 'EC PKCS11 URIS'
+ echo 'pkcs11:id=%00%02?pin-value=12345678'
+ echo 'pkcs11:id=%00%02?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt'
+ echo pkcs11:id=%00%02
+ echo 'pkcs11:type=public;id=%00%02'
+ echo 'pkcs11:type=private;id=%00%02'
+ echo 'pkcs11:type=cert;object=ecCert'
+ echo 'pkcs11:id=%00%03?pin-value=12345678'
+ echo 'pkcs11:id=%00%03?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt'
+ echo pkcs11:id=%00%03
+ echo 'pkcs11:type=public;id=%00%03'
+ echo 'pkcs11:type=private;id=%00%03'
+ echo 'pkcs11:type=cert;object=ecPeerCert'
+ echo ''
+ '[' 1 -eq 1 ']'
+ KEYID=0004
+ URIKEYID=%00%04
+ EDCRTN=edCert
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:edwards25519 --label=edCert --id=0004
+ ca_sign edCert 'My ED25519 Cert' 0004
+ LABEL=edCert
+ CN='My ED25519 Cert'
+ KEYID=0004
+ shift 3
+ (( SERIAL+=1 ))
+ sed -e 's|cn = .*|cn = My ED25519 Cert|g' -e 's|serial = .*|serial = 6|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg
+ /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/edCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg --
provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=edCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=edCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-
provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private'
Generating a signed certificate...
X.509 Certificate Information:
Version: 3
Serial Number (hex): 06
Validity:
Not Before: Sat Apr 12 10:06:36 UTC 2025
Not After: Sun Apr 12 10:06:36 UTC 2026
Subject: CN=My ED25519 Cert,O=PKCS11 Provider
Subject Public Key Algorithm: EdDSA (Ed25519)
Algorithm Security Level: High (256 bits)
Curve: Ed25519
X:
9d:16:0e:5d:87:97:c5:14:6f:6f:47:27:d5:18:dd:4e
4f:97:6b:bb:b4:88:d7:dc:d9:ab:21:41:f6:13:7c:d2
Extensions:
Basic Constraints (critical):
Certificate Authority (CA): FALSE
Subject Alternative Name (not critical):
RFC822Name: [email protected]
Key Usage (critical):
Digital signature.
Subject Key Identifier (not critical):
f8719a32af64cc2248482ecc08d07ea4e6c87c1c
Authority Key Identifier (not critical):
2ca0f2260aede7a30019ccc81dbf836bef78a80f
Other Information:
Public Key ID:
sha1:f8719a32af64cc2248482ecc08d07ea4e6c87c1c
sha256:bd05f12b3f4416d3e858e502cf89e985004d6a522fa8f147ad7e7adee752ab1d
Public Key PIN:
pin-sha256:vQXxKz9EFtPoWOUCz4nphQBNalIvqPFHrX563udSqx0=
Signing certificate...
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/edCert.crt --type=cert --id=0004 --label=edCert
+ EDBASEURIWITHPINVALUE='pkcs11:id=%00%04;pin-value=12345678'
+ EDBASEURIWITHPINSOURCE='pkcs11:id=%00%04;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt'
+ EDBASEURI=pkcs11:id=%00%04
+ EDPUBURI='pkcs11:type=public;id=%00%04'
+ EDPRIURI='pkcs11:type=private;id=%00%04'
+ EDCRTURI='pkcs11:type=cert;object=edCert'
+ title LINE 'ED25519 PKCS11 URIS'
+ case "$1" in
+ shift 1
+ echo 'ED25519 PKCS11 URIS'
+ echo 'pkcs11:id=%00%04;pin-value=12345678'
+ echo 'pkcs11:id=%00%04;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt'
+ echo pkcs11:id=%00%04
+ echo 'pkcs11:type=public;id=%00%04'
+ echo 'pkcs11:type=private;id=%00%04'
+ echo 'pkcs11:type=cert;object=edCert'
+ '[' 1 -eq 1 ']'
+ KEYID=0009
+ URIKEYID=%00%09
+ ED2CRTN=ed2Cert
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:Ed448 --label=ed2Cert --id=0009
+ ca_sign ed2Cert 'My ED448 Cert' 0009
+ LABEL=ed2Cert
+ CN='My ED448 Cert'
+ KEYID=0009
+ shift 3
+ (( SERIAL+=1 ))
+ sed -e 's|cn = .*|cn = My ED448 Cert|g' -e 's|serial = .*|serial = 7|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg
+ /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ed2Cert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg --
provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ed2Cert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ed2Cert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-
provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private'
Generating a signed certificate...
X.509 Certificate Information:
Version: 3
Serial Number (hex): 07
Validity:
Not Before: Sat Apr 12 10:06:36 UTC 2025
Not After: Sun Apr 12 10:06:36 UTC 2026
Subject: CN=My ED448 Cert,O=PKCS11 Provider
Subject Public Key Algorithm: EdDSA (Ed448)
Algorithm Security Level: Ultra (456 bits)
Curve: Ed448
X:
06:30:62:cb:56:9a:53:17:cd:25:0a:d5:c7:d7:af:0f
4d:db:20:8e:4e:5a:b3:8e:f1:36:74:d1:54:83:6d:97
b7:73:1a:06:49:c3:24:c9:96:f3:c0:1d:aa:17:ed:4e
d3:c6:4d:6e:20:5c:a2:ad:00
Extensions:
Basic Constraints (critical):
Certificate Authority (CA): FALSE
Subject Alternative Name (not critical):
RFC822Name: [email protected]
Key Usage (critical):
Digital signature.
Subject Key Identifier (not critical):
3ab7830e1db2c4d83eee98cc82a7e7dda9794b58
Authority Key Identifier (not critical):
2ca0f2260aede7a30019ccc81dbf836bef78a80f
Other Information:
Public Key ID:
sha1:3ab7830e1db2c4d83eee98cc82a7e7dda9794b58
sha256:19caec9989d679595438001d3939bcca83a46a8eee2ab86633ebadf9c49c773c
Public Key PIN:
pin-sha256:GcrsmYnWeVlUOAAdOTm8yoOkao7uKrhmM+ut+cScdzw=
Signing certificate...
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ed2Cert.crt --type=cert --id=0009 --label=ed2Cert
+ ED2BASEURIWITHPINVALUE='pkcs11:id=%00%09;pin-value=12345678'
+ ED2BASEURIWITHPINSOURCE='pkcs11:id=%00%09;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt'
+ ED2BASEURI=pkcs11:id=%00%09
+ ED2PUBURI='pkcs11:type=public;id=%00%09'
+ ED2PRIURI='pkcs11:type=private;id=%00%09'
+ ED2CRTURI='pkcs11:type=cert;object=ed2Cert'
+ title LINE 'ED448 PKCS11 URIS'
+ case "$1" in
+ shift 1
+ echo 'ED448 PKCS11 URIS'
+ echo 'pkcs11:id=%00%09;pin-value=12345678'
+ echo 'pkcs11:id=%00%09;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt'
+ echo pkcs11:id=%00%09
+ echo 'pkcs11:type=public;id=%00%09'
+ echo 'pkcs11:type=private;id=%00%09'
+ echo 'pkcs11:type=cert;object=ed2Cert'
+ title PARA 'generate RSA key pair, self-signed certificate, remove public key'
+ case "$1" in
+ shift 1
+ echo ''
+ echo '## generate RSA key pair, self-signed certificate, remove public key' + '[' -f '' ']'
+ KEYID=0005
+ URIKEYID=%00%05
+ TSTCRTN=testCert2
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=testCert2 --id=0005
+ ca_sign testCert2 'My Test Cert 2' 0005
+ LABEL=testCert2
+ CN='My Test Cert 2'
+ KEYID=0005
+ shift 3
+ (( SERIAL+=1 ))
+ sed -e 's|cn = .*|cn = My Test Cert 2|g' -e 's|serial = .*|serial = 8|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg
+ /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testCert2.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg --
provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testCert2;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testCert2;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-
provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private'
Generating a signed certificate...
Expiration time: Sun Apr 12 10:06:37 2026
CA expiration time: Sun Apr 12 10:06:36 2026
Warning: The time set exceeds the CA's expiration time
X.509 Certificate Information:
Version: 3
Serial Number (hex): 08
Validity:
Not Before: Sat Apr 12 10:06:37 UTC 2025
Not After: Sun Apr 12 10:06:37 UTC 2026
Subject: CN=My Test Cert 2,O=PKCS11 Provider
Subject Public Key Algorithm: RSA
Algorithm Security Level: Medium (2048 bits)
Modulus (bits 2048):
00:99:7e:49:63:cb:28:9f:eb:f8:be:da:ac:a5:3b:0a
76:94:b8:4b:81:27:96:4d:8f:19:d9:c3:d8:9f:a3:b9
77:56:98:0e:c0:6f:de:a0:5c:03:4d:88:59:35:a7:38
97:4a:e3:97:c3:7b:6e:3b:cc:7a:71:05:55:6e:85:27
67:0f:bb:0c:d1:81:96:f0:26:01:4a:15:26:b1:ca:de
5e:d0:6e:8a:8a:91:24:02:5d:e4:4a:cc:19:e9:d5:96
3e:c2:bc:4c:32:bc:51:43:72:02:9a:3c:8a:35:7c:c4
42:d2:fc:9e:d9:ef:ca:08:4b:51:c0:9d:79:d4:7e:3b
81:eb:85:16:f4:b9:b8:bd:d0:cf:d0:b9:7f:40:53:13
d9:8a:7f:60:22:7e:dd:72:48:5a:1d:87:b6:a6:35:03
37:fa:03:37:eb:3c:24:23:97:73:cf:d1:79:23:ea:94
91:c1:47:ab:d6:33:43:2d:6e:1f:3f:33:84:ac:2e:8f
7b:58:e3:c3:0f:b6:df:91:ed:e5:f3:bc:7b:2b:88:19
00:69:86:11:37:ca:0e:e0:bc:9a:f7:66:13:90:36:a5
5a:8b:b4:70:26:a7:eb:aa:2b:57:61:01:d5:5f:a0:1e
d0:11:62:d6:7e:2b:4b:f1:d4:da:af:0d:a7:5b:95:65
f7
Exponent (bits 24):
01:00:01
Extensions:
Basic Constraints (critical):
Certificate Authority (CA): FALSE
Subject Alternative Name (not critical):
RFC822Name: [email protected]
Key Usage (critical):
Digital signature.
Key encipherment.
Subject Key Identifier (not critical):
f98af7469e7721d25aa2942af5488dd40a64a3bf
Authority Key Identifier (not critical):
2ca0f2260aede7a30019ccc81dbf836bef78a80f
Other Information:
Public Key ID:
sha1:f98af7469e7721d25aa2942af5488dd40a64a3bf
sha256:45368934f23db5d6483cd70d4a454f24be538d9c3f64e4c377cd486801b15feb
Public Key PIN:
pin-sha256:RTaJNPI9tdZIPNcNSkVPJL5TjZw/ZOTDd81IaAGxX+s=
Signing certificate...
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)