Application description
From the main OpenSC - libp11 page on GitHub (https://github.com/OpenSC/libp11): OpenSSL implements various cipher, digest, and signing features, and it can consume and produce keys. However, many people believe that these features should be implemented in separate hardware, such as USB tokens, smart cards, or HSMs. Therefore, OpenSSL has an abstraction layer, orengine, which can delegate some of these features to different software or hardware.engine_pkcs11 tries to fit the PKCS#11 API within the engine API of OpenSSL. That is, it provides a gateway between PKCS#11 modules and the OpenSSL engine API. Register the engine with OpenSSL and provide the path the PKCS#11 module should gateway to. Do this by editing the OpenSSL configuration file, using engine-specific controls, or using the p11-kit proxy module.Guardian integration
The Guardian Series 3 introduces mission-critical viability to core cryptographic infrastructure, including:- Centralization of device management
- Elimination of points of failure
- Distribution of transaction loads
- Group-specific function blocking
- User-defined grouping systems