This section covers installing and configuring the following components of the OpenSSL library:
| Library | Description |
| --- | --- |
| libp11 | Provides a higher-level interface (compared to the PKCS #11 library) for accessing PKCS #11 objects. It integrates with applications that use OpenSSL. |
| OpenSC | Provides a set of libraries and utilities to work with smart cards. It focuses on cards that support cryptographic operations and facilitates their use in security applications such as authentication, mail encryption, and digital signatures. |
| PKCS11 engine plugin | Engine plugin for the OpenSSL library that allows accessing PKCS #11 modules in a semi-transparent way. |
Perform the following tasks to install and configure the OpenSSL Engine:
  1. Install libp11 and OpenSC.
  2. Edit the OpenSSL configuration file.

Install libp11 and OpenSC

Select your operating system and perform the installation steps:

Ubuntu/Debian

Perform the following steps to install libp11 and OpenSC on Ubuntu or Debian:
  1. In a terminal, run the following sequence of commands to install libp11 and OpenSC:
Shell
sudo apt update
sudo apt install libengine-pkcs11-openssl
sudo apt install opensc

Red Hat/CentOS

Perform the following steps to install libp11 and OpenSC on Red Hat or CentOS:
  1. In a terminal, run the following sequence of commands to install libp11 and OpenSC:
Shell
sudo yum check-update
sudo yum install openssl-pkcs11
sudo yum install opensc

Edit the configuration file

The following instructions are the same for Ubuntu/Debian-based and Red Hat/CentOS-based Linux distributions, except for the dynamic_path setting in the openssl.cnf file:
  • On Ubuntu 18, the location of the pkcs11.so file specified in the dynamic_path setting is shown in the following procedure.
  • On CentOS 8, the location of the pkcs11.so file is /usr/lib64/engines-1.1/pkcs11.so.
Perform the following steps to edit the OpenSSL configuration file:
  1. To confirm the location of the pkcs11.so file on your system, run the following command in a terminal as root:
Shell
find / -type f -name "pkcs11.so"
After you confirm the location, proceed with the following instructions to edit the OpenSSL configuration file.
  2. Run the following command to determine the location of the OpenSSL configuration file for the logged-in user:
Shell
openssl version -d
If you prefer to edit your global OpenSSL configuration file, it is usually located at /etc/ssl/openssl.cnf.
  3. In a text editor, open the openssl.cnf file in the OpenSSL directory that you identified with the preceding command.
  4. Put the following line at the top of the file, before any sections are defined:
openssl_conf = openssl_init
  5. Put the following text at the bottom of the file:
[openssl_init] 
engines=engine_section 
[engine_section] 
pkcs11 = pkcs11_section 
[pkcs11_section] 
engine_id = pkcs11 
dynamic_path = /usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so 
MODULE_PATH = /usr/local/bin/fxpkcs11/libfxpkcs11.so
PIN = "safest" 
init = 0
The value set for MODULE_PATH must specify where you installed the Futurex PKCS #11 module on your system.
In the PIN field, you must set the password of the identity created on the CryptoHub for your specific integration.
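
One way to check the finished file before relying on it (an added example, not Futurex or OpenSSL tooling): the script below reads [pkcs11_section], confirms that dynamic_path and MODULE_PATH point to existing files, and flags a configuration file that stores a PIN while being world-readable. The function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example: audit the [pkcs11_section] written in the procedure above.
# Usage: sh check_pkcs11_conf.sh /path/to/openssl.cnf  (script name is hypothetical)

# Print the value of key $2 from [pkcs11_section] in file $1 (empty if absent).
pkcs11_value() {
    awk -v key="$2" '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[[ \t]*pkcs11_section[ \t]*\]/); next }
        in_sec {
            n = index($0, "=")
            if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)       # trim the key
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)     # trim the value and its quotes
            if (k == key) { print v; exit }
        }' "$1"
}

# Return 0 when both libraries exist and a stored PIN is not world-readable.
check_pkcs11_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 2; }
    for key in dynamic_path MODULE_PATH; do
        path=$(pkcs11_value "$conf" "$key")
        if [ -z "$path" ]; then
            echo "FAIL: $key is not set in [pkcs11_section]"; rc=1
        elif [ ! -f "$path" ]; then
            echo "FAIL: $key points to a missing file: $path"; rc=1
        else
            echo "OK:   $key = $path"
        fi
    done
    # The PIN sits in the file as clear text: anyone who can read the file can read it.
    if [ -n "$(pkcs11_value "$conf" PIN)" ] &&
       [ -n "$(find "$conf" -prune -perm -004)" ]; then
        echo "FAIL: $conf holds a PIN and is world-readable"; rc=1
    fi
    return "$rc"
}

if [ "$#" -gt 0 ]; then check_pkcs11_conf "$1"; fi
```

A non-zero exit status means at least one check failed; the FAIL lines name the setting to correct.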