
PKCS11_get_private_key returned NULL #413

@tisrico


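Please see the logs below: p11tool lists the private key on the ATECC608B token, but curl with the pkcs11 engine fails with "PKCS11_get_private_key returned NULL".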

root@jeteye:/home/jeteye/test/smartdvr-fluxtrack# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04.6 LTS"
root@jeteye:/home/jeteye/test/smartdvr-fluxtrack# sudo p11-kit list-modules
p11-kit-trust: p11-kit-trust.so
library-description: PKCS#11 Kit Trust Module
library-manufacturer: PKCS#11 Kit
library-version: 0.23
token: System Trust
manufacturer: PKCS#11 Kit
model: p11-kit-trust
serial-number: 1
hardware-version: 0.23
flags:
write-protected
token-initialized
cryptoauthlib: /usr/lib/libcryptoauth.so
library-description: Cryptoauthlib PKCS11 Interface
library-manufacturer: Microchip Technology Inc
library-version: 3.3
token: device
manufacturer: Microchip Technology Inc
model: ATECC608B
serial-number: 23A69CAB28AA1F01
hardware-version: 0.3
firmware-version: 255.255
flags:
rng
token-initialized
opensc-pkcs11: opensc-pkcs11.so
library-description: OpenSC smartcard framework
library-manufacturer: OpenSC Project
library-version: 0.17
root@jeteye:/home/jeteye/test/smartdvr-fluxtrack# p11tool --info pkcs11:model=ATECC608B;manufacturer=Microchip%20Technology%20Inc;serial=23A69CAB28AA1F01;token=device
Object 0:
URL: pkcs11:model=ATECC608B;manufacturer=Microchip%20Technology%20Inc;serial=23A69CAB28AA1F01;token=device;id=%69%42%b7%5a%38%be%65%35%f4%22%d1%2b%fd%a3%31%9a%e1%0d%94%fc;object=device;type=private
Type: Private key
Label: device
Flags: CKA_PRIVATE; CKA_NEVER_EXTRACTABLE; CKA_SENSITIVE;
ID: 69:42:b7:5a:38:be:65:35:f4:22:d1:2b:fd:a3:31:9a:e1:0d:94:fc

Object 1:
URL: pkcs11:model=ATECC608B;manufacturer=Microchip%20Technology%20Inc;serial=23A69CAB28AA1F01;token=device;id=%69%42%b7%5a%38%be%65%35%f4%22%d1%2b%fd%a3%31%9a%e1%0d%94%fc;object=device;type=public
Type: Public key
Label: device
ID: 69:42:b7:5a:38:be:65:35:f4:22:d1:2b:fd:a3:31:9a:e1:0d:94:fc

Object 2:
URL: pkcs11:model=ATECC608B;manufacturer=Microchip%20Technology%20Inc;serial=23A69CAB28AA1F01;token=device;id=%69%42%b7%5a%38%be%65%35%f4%22%d1%2b%fd%a3%31%9a%e1%0d%94%fc;object=device;type=cert
Type: X.509 Certificate
Label: device
ID: 69:42:b7:5a:38:be:65:35:f4:22:d1:2b:fd:a3:31:9a:e1:0d:94:fc

Object 3:
URL: pkcs11:model=ATECC608B;manufacturer=Microchip%20Technology%20Inc;serial=23A69CAB28AA1F01;token=device;id=%bc%dc%f1%68%6f%cc%71%45%a7%c6%a6%f8%08%45%4b%d5%4d%78%d5%6f;object=signer;type=cert
Type: X.509 Certificate
Label: signer
Flags: CKA_CERTIFICATE_CATEGORY=CA; CKA_TRUSTED;
ID: bc:dc:f1:68:6f:cc:71:45:a7:c6:a6:f8:08:45:4b:d5:4d:78:d5:6f

root@jeteye:/home/jeteye/test/smartdvr-fluxtrack# sudo pkcs11-tool --module /usr/lib/libcryptoauth.so --login --pin 1234 --list-objects
Using slot 0 with a present token (0x0)
error: PKCS11 function C_Login failed: rv = CKR_CANT_LOCK (0xa)
Aborting.
root@jeteye:/home/jeteye/test/smartdvr-fluxtrack# sudo pkcs11-tool --module /usr/lib/libcryptoauth.so --list-objects
Using slot 0 with a present token (0x0)
Data object 2
label: ''
application:
app_id:
flags:
Data object 3
label: ''
application:
app_id:
flags:
Data object 4
label: ''
application:
app_id:
flags:
Data object 5
label: ''
application:
app_id:
flags:
root@jeteye:/home/jeteye/test/smartdvr-fluxtrack# sudo curl -X POST --engine pkcs11 --key-type ENG --key "pkcs11:model=ATECC608B;manufacturer=Microchip%20Technology%20Inc;serial=23A69CAB28AA1F01;token=device;id=%69%42%b7%5a%38%be%65%35%f4%22%d1%2b%fd%a3%31%9a%e1%0d%94%fc;object=device;type=private" --cert-type ENG --cert "pkcs11:model=ATECC608B;manufacturer=Microchip%20Technology%20Inc;serial=23A69CAB28AA1F01;token=device;id=%69%42%b7%5a%38%be%65%35%f4%22%d1%2b%fd%a3%31%9a%e1%0d%94%fc;object=device;type=cert" -H "Content-Type: application/json" -d '{"deviceId":"12345","status":"ok"}' https://ozmwf0p7o3.execute-api.ap-southeast-2.amazonaws.com/dev/v1/reports
Found slot without user PIN
Found slot without user PIN
PKCS11_get_private_key returned NULL
curl: (58) failed to load private key from crypto engine
echo
root@jeteye:/home/jeteye/test/smartdvr-fluxtrack# echo $OPENSSL_ENGINES
/usr/lib/engines-1.1
root@jeteye:/home/jeteye/test/smartdvr-fluxtrack# echo $PKCS11_MODULE_PATH
/usr/lib/libcryptoauth.so
root@jeteye:/home/jeteye/test/smartdvr-fluxtrack# sudo openssl engine -t pkcs11
(pkcs11) pkcs11 engine
[ available ]

=== OpenSSL configuration ===
openssl_conf = openssl_init

[openssl_init]
engines = engine_section

[engine_section]
pkcs11 = pkcs11_section

[pkcs11_section]
engine_id = pkcs11
dynamic_path = /usr/lib/aarch64-linux-gnu/engines-1.1/pkcs11.so
MODULE_PATH = /usr/lib/libcryptoauth.so
init = 0
