Data protection

OpenSSL Engine

OpenSSL is an open-source software library that provides a robust and comprehensive suite of cryptographic functions, enabling secure communication over computer networks. OpenSSL implements various cipher, digest, and signing features and enables you to consume and produce cryptographic keys.

Despite its extensive capabilities, many believe certain security features should be implemented by using separate hardware, such as USB tokens, smart cards, or hardware security modules. To accommodate this preference, OpenSSL features an abstraction layer, the engine, which can delegate some of these functions to alternative software or hardware components.

The engine_pkcs11 module integrates the PKCS #11 API with the OpenSSL engine API, effectively serving as a bridge between the two. This integration enables you to use PKCS #11 modules within the OpenSSL framework. To achieve this, you must register the engine_pkcs11 module with OpenSSL and provide the path to the PKCS #11 module that you want to connect. Accomplish this by editing the OpenSSL configuration file, using engine-specific controls, or employing the p11-kit proxy module.
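The registration step described above, as an added example that is not part of the original page: two shell functions, one that writes the configuration-file form and one that prints the equivalent engine-specific controls. The function names and all paths passed to them are assumptions; the section layout follows the form documented for engine_pkcs11, and the p11-kit route uses the same configuration with `MODULE_PATH` pointing at p11-kit's proxy module.

```sh
#!/bin/sh
# Added example. Function names and every path passed to them are assumptions.

# write_pkcs11_conf OUT ENGINE_SO MODULE_SO
# Writes an OpenSSL configuration file that registers engine_pkcs11 and names
# the PKCS #11 module it should bridge to.
write_pkcs11_conf() {
    out=$1 engine_so=$2 module_so=$3
    # Require absolute paths so the library that gets loaded does not depend
    # on the loader's search path or on the current working directory.
    for p in "$engine_so" "$module_so"; do
        case $p in
            /*) ;;
            *) echo "not an absolute path: $p" >&2; return 2 ;;
        esac
    done
    cat > "$out" <<EOF
openssl_conf = openssl_init

[openssl_init]
engines = engine_section

[engine_section]
pkcs11 = pkcs11_section

[pkcs11_section]
engine_id = pkcs11
dynamic_path = $engine_so
MODULE_PATH = $module_so
init = 0
EOF
}

# engine_ctrl_cmd ENGINE_SO MODULE_SO
# Prints the equivalent registration done with engine-specific controls,
# for use when no configuration file is edited.
engine_ctrl_cmd() {
    printf '%s %s\n' \
        "openssl engine -t dynamic -pre SO_PATH:$1 -pre ID:pkcs11" \
        "-pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:$2"
}
```

To check the result, point the `OPENSSL_CONF` environment variable at the generated file and run `openssl engine -t -c pkcs11`, which reports whether the engine is available and which capabilities it offers.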