New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
loading multiple modules with pkcs11-tool #784
Comments
Douglas E. Engert DEEngert@gmail.com |
The point of a module is that it is self contained, and linked with all the shared libraries it needs. It should not have any link dependencies on routines in the calling application. It can uses different versions of libraries then the application uses. Other examples of modules include PAM modules and browsers plugins. opensc-pkcs11.so is the OpenSC module to implement the PKCS#11 API. It is inked with libopensc.so and other OpenSC libs. libp11 is a helper library designed to make it easier to use PKCS#11 in applications without having to program to the PKCS#11 API. It will dlopen a pkcs#11 module. engine_pkcs11 was an OpenSSL engine module that used libp11 it was so dependent on the versions of OpenSSL and libp11, that it is now included in libp11 as the libp11 can be uses as the engine too. pkcs11-helper (Which I have never used) is another library to make using PKCS#11 "easier" to use. pkcs11-spy is a PKCS#11 API module that traces all calls and returns of another PKCS#11 module that pkcs11-spy dlopens. |
@dengert Thank you very much, it's much clearer now. |
Hi,
I just have some questions regarding OpenSC implementation and sub projects.
I have currently a software implementation library for PKCS#11 API functions (C_Login, C_Verify, C_Encrypt ...), not regarding any hardware. Lets assume it is lib_pkcs11.so
1:
I want to use it with pkcs11-tool however, this library (lib_pkcs11.so) uses functions from another shared library (lets assume lib_other.so) so if I write :
pkcs11-tool --module /path/to/lib_pkcs11.so
I have the error :
pkcs11-tool: symbol lookup error: /path/to/lib_pkcs11.so: undefined symbol: <symbol>
Is is possible to add another module to look for it into pkcs11-tool --module option ?
I tried
pkcs11-tool --module /path/to/lib_pkcs11.so /path/to/lib_other.so
but it's not working.2:
I want to use the same library (lib_pkcs11.so) using OpenSSL PKCS#11 engine to perform basic operations for example digest SHA1 using openssl.
I still have the problem to load both library lib_pkcs11.so and lib_other.so.
I'm using command :
openssl engine dynamic -pre SO_PATH:/path/to/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/path/to/lib_pkcs11.so -t -c
If I'm understand well, MODULE_PATH correspond to library containing implementation for PKCS#11 API so corresponding to my software implementation lib_pkcs11.so.
3:
I don't understand what is the difference between libp11.so, opensc-pkcs11.so and pkcs11-helper and why engine_pkcs11 has been merged into libp11.
Thank you very much for your help.
The text was updated successfully, but these errors were encountered: