Data protection
OpenSSL Provider
This document provides information on configuring {{futurex}} HSMs with OpenSSL providers by using PKCS #11 libraries. For additional questions related to your HSM, see the relevant administrator guide.

Application description

From the main latchset pkcs11-provider on GitHub (https://github.com/latchset/pkcs11-provider):

This is an OpenSSL 3.x provider to access hardware and software tokens using the PKCS#11 Cryptographic Token Interface. Access to tokens depends on loading an appropriate PKCS#11 driver that knows how to talk to the specific token. The PKCS#11 provider is a connector that allows OpenSSL to make proper use of such drivers. This code targets PKCS#11 version 3.1 but is backwards compatible to version 3.0 and 2.40 as well.

Why providers instead of engines

OpenSSL 3.x introduced a provider-based architecture, replacing the deprecated engine system from OpenSSL 1.x.

| Feature | OpenSSL 1.x engine | OpenSSL 3.x provider |
| --- | --- | --- |
| Integration | Manual load, low-level engine APIs | Modular, auto-loadable, integrated with EVP/config |
| Hardware access | Requires engine-specific glue code | Standardized PKCS#11-style provider modules |
| FIPS support | Separate FIPS engine, complex integration | Dedicated FIPS provider simplifies certification |
| Flexibility | Harder to extend, single-engine focus | Easier to extend, multiple providers can coexist |

In short: providers are modern, modular, and fully supported, making them the preferred method for PKCS#11 HSM integration.

Why latchset pkcs11-provider

- Direct integration with the OpenSSL 3.x provider API
- Variety of successful integrations tested with Futurex HSMs
- Supports PKCS#11 3.0+ tokens without extra libraries
- Simplifies configuration compared to engines

Guardian integration

The {{guard}} introduces mission-critical viability to core cryptographic infrastructure, including:

- Centralization of device management
- Elimination of points of failure
- Distribution of transaction loads
- Group-specific function blocking
- User-defined grouping systems

See the applicable guide in the {{futurex}} portal for configuring HSMs with the {{guard}}, including PKCS #11 and CNG configuration.
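The config-driven loading described under "Why providers instead of engines" looks like this in practice. This openssl.cnf fragment is an added example, not taken from this guide or from the pkcs11-provider project; all file paths are placeholders to replace with the locations on your system.

```ini
# Added example: openssl.cnf fragment that loads the pkcs11 provider at
# library start-up. All paths below are placeholders (assumptions).
openssl_conf = openssl_init

[openssl_init]
providers = provider_sect

[provider_sect]
# Once any provider is activated explicitly, OpenSSL no longer loads the
# default provider implicitly, so activate it here as well. Software
# algorithms (hashing, TLS, certificate parsing) still come from it.
default = default_sect
pkcs11 = pkcs11_sect

[default_sect]
activate = 1

[pkcs11_sect]
# The provider module itself (the connector built from latchset/pkcs11-provider).
# Placeholder path: the ossl-modules directory differs between distributions.
module = /usr/lib64/ossl-modules/pkcs11.so

# The vendor PKCS #11 driver that talks to the HSM.
# Placeholder path: use the library shipped with your HSM client software.
pkcs11-module-path = /path/to/vendor-pkcs11-library.so

# Optional: read the token PIN from a file instead of writing it inline.
# Keep that file readable only by the service account (for example mode 0400).
# Placeholder path.
# pkcs11-module-token-pin = file:/path/to/pin-file

activate = 1
```

Running `openssl list -providers` with this file selected through `OPENSSL_CONF` should show both `default` and `pkcs11` as active; if `pkcs11` is missing, check the two library paths first.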