python - Need help using M2Crypto.Engine to access USB Token

Question

I am using M2Crypto-0.20.2. I want to use engine_pkcs11 from the OpenSC project and the Aladdin PKI client for token based authentication making xmlrpc calls over ssl.

from M2Crypto import Engine

Engine.load_dynamic()
dynamic = Engine.Engine('dynamic')
# Load the engine_pkcs from the OpenSC project
dynamic.ctrl_cmd_string("SO_PATH", "/usr/local/ssl/lib/engines/engine_pkcs11.so")
Engine.cleanup()

Engine.load_dynamic()
# Load the Aladdin PKI Client
aladdin = Engine.Engine('dynamic')
aladdin.ctrl_cmd_string("SO_PATH", "/usr/lib/libeTPkcs11.so")

key = aladdin.load_private_key("PIN","password")

This is the error I receive:

key = pkcs.load_private_key("PIN","eT0ken")
File "/usr/local/lib/python2.4/site-packages/M2Crypto/Engine.py", line 70, in load_private_key
    return self._engine_load_key(m2.engine_load_private_key, name, pin)
File "/usr/local/lib/python2.4/site-packages/M2Crypto/Engine.py", line 60, in _engine_load_key
    raise EngineError(Err.get_error())
M2Crypto.Engine.EngineError: 23730:error:26096075:engine routines:ENGINE_load_private_key:not initialised:eng_pkey.c:112:

For load_private_key(), what should be passed as the first argument? The M2Crypto documentation does not explain it.

I don't get any errors loading the engines, but I'm not sure if I'm loading them correctly. It seems like the engine ID has to be a specific name but I don't find that list anywhere. 'dynamic' is working for me.

Any help would be appreciated!

Answer 1

Found !!!!

Yes, exactly the way where I came from.

So, actually the ENGINE_init() is not implemented in M2Crypto.Engine. So, only one solution: patching!!! (very small...) so I've created a new Engine method (in Engine.py)

def engine_initz(self):
        """Return engine name"""
        return m2.engine_initz(self._ptr)

Why engine_initz ? because engine_init is already define in SWIG/_engine.i,:

void engine_init(PyObject *engine_err) {
    Py_INCREF(engine_err);
    _engine_err = engine_err;
}

I don't really know what is done, so I've prefered creating a new one... So I've just added the following to SWIG/_engine.i:

%rename(engine_initz) ENGINE_init;
extern int ENGINE_init(ENGINE *);

And recompile the __m2crypto.so, now just add a "pkcs11.engine_initz()" before launching the private key, and it works.....