Friends, I have a smart card which I want to integrate with OpenSSL. I plan to do this through the "ENGINE" system in OpenSSL. However, I have a problem with understanding. The fact is that there are such things as engine_pkcs11, opensc, libp11, pkcs11-helper. Can anyone explain the relationship? What is what, and what should be compiled first?
Is it enough for me to write a library with external PKCS#11 functions to connect it to openssl? Do I have to take the source code of the engine_pkcs11 library and modify it to fit my card?
Do I need opensc, libp11, pkcs11-helper? Why, then, are these libraries needed?
Also, I should note that the smart card does not support the RSA algorithm; it will be a different algorithm!
Really looking forward to your answers!
libp11 is a helper library designed to make it easier to use PKCS#11 in applications without having to program to the PKCS#11 API.
OpenSSL HSM Support

OpenSSL does not have native support for PKCS#11. It can provide PKCS#11 support through the OpenSC project's pkcs11 engine (formerly known as engine_pkcs11). As such, software intended to use HSMs must utilize that engine.
PKCS11 (Public-Key Cryptography Standards), also known as “Cryptoki” or PKCS#11, is an API used to communicate with cryptographic security tokens such as smart cards, USB keys, and Hardware Security Modules (HSMs).
The openssl engine for pkcs#11 by OpenSC is needed to make interaction between openssl and a smartcard via pkcs#11 possible.
The engine is built on top of libp11 by OpenSC, an abstraction/wrapper layer/interface built on the pkcs#11 standard API for utility purposes.
From top to bottom we have:
So in the optimum case you only have to write the pkcs#11 module for your specific smartcard hardware and then load it using the pkcs#11 engine.
The problem here is that the pkcs#11 engine, at the moment, supports only CKM_RSA_PKCS, so you will probably also have to extend the current pkcs#11 openssl engine.
More info at https://github.com/OpenSC/OpenSC/wiki
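How the layers in the answer above are wired together in practice, as an added example that is not part of the original answer: an `openssl.cnf` fragment that makes OpenSSL load the pkcs11 engine and points that engine at a card-specific PKCS#11 module. Both file paths are placeholders, and `libmycard-pkcs11.so` is a hypothetical name for the module you would write for your card.

```ini
# openssl.cnf fragment: OpenSSL -> pkcs11 engine (built on libp11) -> your PKCS#11 module
openssl_conf = openssl_init

[openssl_init]
engines = engine_section

[engine_section]
pkcs11 = pkcs11_section

[pkcs11_section]
# Identifier the engine registers under; applications select it by this name.
engine_id = pkcs11

# The engine shared object itself (placeholder path; depends on how it was installed).
dynamic_path = /path/to/engines/pkcs11.so

# The PKCS#11 module the engine loads. This is the only card-specific piece:
# a shared library exporting the standard PKCS#11 (Cryptoki) functions for your hardware.
# Hypothetical name and placeholder path.
MODULE_PATH = /path/to/libmycard-pkcs11.so

# Do not initialise the engine at config load time; it is initialised on first use.
init = 0
```

With this configuration in place, `openssl engine -t -c pkcs11` reports whether the engine loaded and which algorithms it registers with OpenSSL, which is where to check whether your card's algorithm is covered.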