Skip to content
/ openssl-pkcs11-sign-provider Public

OpenSSL Provider for asymmetric operations with private PKCS#11 keys

License

Apache-2.0, Unknown licenses found

Licenses found

Apache-2.0
LICENSE
Unknown
COPYING
6 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

opencryptoki/openssl-pkcs11-sign-provider

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

90 Commits
.github/workflows
.github/workflows
 
 
man
man
 
 
misc/dbg
misc/dbg
 
 
rpm
rpm
 
 
src
src
 
 
tests
tests
 
 
.editorconfig
.editorconfig
 
 
.gitignore
.gitignore
 
 
CONTRIBUTING
CONTRIBUTING
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
COPYING
COPYING
 
 
ChangeLog.md
ChangeLog.md
 
 
LICENSE
LICENSE
 
 
Makefile.am
Makefile.am
 
 
README.md
README.md
 
 
configure.ac
configure.ac
 
 
openssl.cnf.in
openssl.cnf.in
 
 

Repository files navigation

openssl-pkcs11-sign-provider

This repository provides the implementation of an OpenSSL Provider for asymmetric operations with private PKCS#11 keys. Requests with other key material will be forwarded to an OpenSSL built-in provider.

Build

This project requires OpenSSL 3.0 or later, as well as opencryptoki. Support for other PKCS#11 implementations is currently not available.

The configuration step requires m4-macros of the autotools-archive project. It is recommended to install the autotools-archive package on the build system.

To build the provider, use the following commands:

autoreconf -fiv
./configure
make

Test

This project provides some base test for the provider. The provider is PKCS#11-Module independent, but at the moment opencryptoki is the only tested module.

The tests require a working opencryptoki setup. By default, the all keys are stored in the token softtok in slot 3. The setup script uses the PIN 12345678 by default.

To setup and run the tests with the default settings for opencryptoki, use the following commands:

make clean
make check

To setup and run the tests with other token/slot settings for opencryptoki, use the following commands:

export OCK_USER_PIN="4711"
export OCK_SLOT="42"
export OCK_TOKEN="othertok"

make clean
make check

** Note **

The module setup is only executed, if the module's temporary sub-directory doesn't exist. This sub-directory is removed for all clean targets (e.g. make clean).

** Warning **

The setup script will remove generated key material in the PKCS#11 token by name. Please make sure, that no other keys with the same name exists in the token, otherwise they will be removed as well! It is highly recommended to backup all key material of a token, before starting with testing.

If the environment variables PKCS11SIGN_DEBUG (path to the logfile) is set, the provider will write debug output to a log-file.

The environment variable PKCS11SIGN_DEBUG_LEVEL specifies the log-level error (0), warning (1), info (2) or debug (3).

Install

The installation step may require further permissions. To install the provider library, use the following commands:

make
sudo make install

Configuration

For configuration, please refer to the man pages.

About

OpenSSL Provider for asymmetric operations with private PKCS#11 keys

Topics

openssl provider pkcs11

Resources

Readme

License

Apache-2.0, Unknown licenses found

Licenses found

Apache-2.0
LICENSE
Unknown
COPYING
Activity
Custom properties

Stars

6 stars

Watchers

4 watching

Forks

2 forks
Report repository

Releases 2

v1.0.1 Latest
Feb 5, 2024
+ 1 release

Packages

No packages published

Contributors 2

  •  
  •  

Languages