Troubleshooting with the IBMCA provider

Read about the troubleshooting and debug facilities that are available when working with the IBMCA provider.

If the provider is configured properly, the openssl list -providers command returns the following output:


$ openssl list -providers 
Providers: 
  default 
    name: OpenSSL Default Provider
    version: 3.0.1 
    status: active 
  ibmca 
    name: ibmca 
    version: 2.3.0 
    status: active

List the cryptographic methods implemented by the activated providers as follows:


$ openssl list -key-managers
...
   Name: IBMCA RSA implementation
     Type: Provider Algorithm
     IDs: { 1.2.840.113549.1.1.1, 2.5.8.1.1, RSA, rsaEncryption } @ ibmca
   Name: IBMCA DH implementation
     Type: Provider Algorithm
     IDs: { 1.2.840.113549.1.3.1, DH, dhKeyAgreement } @ ibmca
   Name: IBMCA EC implementation
     Type: Provider Algorithm
     IDs: { 1.2.840.10045.2.1, EC, id-ecPublicKey } @ ibmca
   Name: IBMCA RSA-PSS implementation
     Type: Provider Algorithm
     IDs: { 1.2.840.113549.1.1.10, RSA-PSS, RSASSA-PSS, rsassaPss } @ ibmca
   Name: IBMCA DHX implementation
     Type: Provider Algorithm
     IDs: { 1.2.840.10046.2.1, dhpublicnumber, DHX, X9.42 DH } @ ibmca
...
$ openssl list -signature-algorithms
...
  { 1.2.840.113549.1.1.1, 2.5.8.1.1, RSA, rsaEncryption } @ ibmca
  ECDSA @ ibmca
...
$ openssl list -asymcipher-algorithms
...
  { 1.2.840.113549.1.1.1, 2.5.8.1.1, RSA, rsaEncryption } @ ibmca
...
$ openssl list -key-exchange-algorithms
...
  { 1.2.840.113549.1.3.1, DH, dhKeyAgreement } @ ibmca
  ECDH @ ibmca
...
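The two checks above can be scripted for a health check. The following is an added example, not part of the original documentation: the helper names provider_status and served_by are hypothetical, and the sample text is constructed from the output shown above plus one constructed line for the default provider.

```shell
#!/bin/sh
# provider_status NAME: read `openssl list -providers` output on stdin and
# print the "status:" value of provider NAME (prints nothing if not listed).
provider_status() {
    awk -v want="$1" '
        /^  [^ ]/      { cur = $1 }       # two-space indent: provider id line
        /^    status:/ { if (cur == want) { print $2; exit } }
    '
}

# served_by PROVIDER ALG: read any `openssl list -...` algorithm listing on
# stdin; succeed only if ALG is one of the names of an entry "@ PROVIDER".
served_by() {
    awk -v prov="$1" -v alg="$2" '
        {
            sub(/[ \t]+$/, "")                       # drop trailing blanks
            n = index($0, " @ ")
            if (n == 0 || substr($0, n + 3) != prov) next
            names = substr($0, 1, n - 1)
            gsub(/IDs:|[{}]/, "", names)             # handles both list formats
            cnt = split(names, id, ",")
            for (i = 1; i <= cnt; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", id[i])
                if (id[i] == alg) { found = 1; exit }
            }
        }
        END { exit !found }
    '
}

# Constructed sample input so the example runs without an IBMCA installation.
SAMPLE_PROVIDERS='Providers:
  default
    name: OpenSSL Default Provider
    status: active
  ibmca
    name: ibmca
    status: active'
SAMPLE_SIGS='  { 1.2.840.113549.1.1.1, 2.5.8.1.1, RSA, rsaEncryption } @ ibmca
  ECDSA @ ibmca
  { 1.3.101.112, ED25519 } @ default'

# On a live system: openssl list -providers | provider_status ibmca
echo "ibmca status: $(printf '%s\n' "$SAMPLE_PROVIDERS" | provider_status ibmca)"
printf '%s\n' "$SAMPLE_SIGS" | served_by ibmca ECDSA && echo "ECDSA served by ibmca"
```

An algorithm name that served_by does not find under ibmca is not provided by IBMCA according to the listing that was piped in.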

You can set the following environment variable to obtain debug information:

IBMCA_DEBUG
If $IBMCA_DEBUG is set to stderr, the IBMCA provider writes its debug output to stderr. If it is set to on, the debug output is written to a trace file named /usr/local/var/log/ibmca/trace-<providername>.<pid>, where <pid> is the process ID of the current process.