OpenSSL Engine
This document describes how to configure Futurex HSMs for use with the OpenSSL engine interface through PKCS #11 libraries. For additional questions related to your HSM, see the relevant administrator’s guide.
From the main OpenSC - libp11 page on GitHub (https://github.com/OpenSC/libp11): "OpenSSL implements various cipher, digest, and signing features and it can consume and produce keys. However, plenty of people think that these features should be implemented in separate hardware, like USB tokens, smart cards or hardware security modules. Therefore OpenSSL has an abstraction layer called 'engine' which can delegate some of these features to a different piece of software or hardware.
engine_pkcs11 tries to fit the PKCS#11 API within the engine API of OpenSSL. That is, it provides a gateway between PKCS#11 modules and the OpenSSL engine API. One has to register the engine with OpenSSL and one has to provide the path to the PKCS#11 module which should be gatewayed to. This can be done by editing the OpenSSL configuration file, by engine specific controls, or by using the p11-kit proxy module."
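The configuration-file route mentioned in the quote above can look like the following `openssl.cnf` fragment. This is an added example, not part of the original page; the section names are arbitrary and both file paths are placeholders to be replaced with the locations of the libp11 engine and of the HSM vendor's PKCS #11 library on your system.

```ini
# openssl.cnf fragment (constructed example; both paths are placeholders)

# Must sit in the default section at the top of the file, before any [section] header.
openssl_conf = openssl_init

[openssl_init]
engines = engine_section

[engine_section]
# The name on the left is arbitrary; the value names the section holding the engine settings.
pkcs11 = pkcs11_section

[pkcs11_section]
engine_id = pkcs11
# Shared object of the engine itself (libp11's engine_pkcs11).
dynamic_path = /path/to/engines/pkcs11.so
# PKCS #11 module the engine forwards calls to: the HSM vendor's library.
MODULE_PATH = /path/to/vendor-pkcs11-module.so
# Do not initialize the engine at configuration load time; it is initialized on first use.
init = 0
# No PIN is set here, so the token PIN is not stored in plaintext in this file.
```

With the file in place, `openssl engine -t pkcs11` reports whether the engine loaded and is available.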
The Guardian Series 3 introduces mission-critical viability to core cryptographic infrastructure, including:
- Centralized device management
- Elimination of points of failure
- Distribution of transaction loads
- Group-specific function blocking
- User-defined grouping systems
Please see the applicable guide for configuring HSMs with the Guardian Series 3.