Skip to main content

Installing PKCS#11 API for OpenSSL v1.x

Securosys HSM Integration Guide

This guide assumes familiarity with the Primus HSM, Windows and/or Linux operating system installation and configuration, OpenSSL setup, and related procedures.

It does not cover every step of the hardware and software setup in detail.

The following installation and configuration instructions are based on Windows 11 and may vary slightly for other versions of Windows.

note

Please ensure that you meet all the listed prerequisites before proceeding. Adhering to these requirements is essential for a smooth setup and successful integration. Failure to do so may result in compatibility issues or functionality problems during the configuration process.

PKCS#11 Engine Plugin

The PKCS#11 engine plugin is part of the OpenSC/libp11 repository on GitHub. As there are no Windows binaries releases provided for this project, the engine must be built manually. You can find detailed build instructions for different Windows build environments here.

To compile the PKCS#11 engine on Windows, follow these steps:

  1. Download and Install Microsoft Visual Studio

    Download Microsoft Visual Studio. When you run the executable, it will open the Visual Studio Installer. Choose the "C++ build tools" workload to install only the necessary tools.

  2. Download/Clone the PKCS#11 Engine

    You have two options to obtain the necessary files from the OpenSC/libp11 repository on GitHub. You can either create a clone of the repository directly onto your local machine using Git, or you can download the repository as a ZIP file. If you choose the ZIP option, simply extract the contents into a designated folder on your PC, e.g. C:\Users\<Username>\source\repos\libp11. Both methods will give you access to the code required for the build process.

  3. Compile a 64-bit Version

    To open the "x64 Native Tools Command Prompt", go to Start > All Programs > Visual Studio 2022 > x64 Native Tools Command Prompt. Once it's open, navigate to the folder where the files from the OpenSC/libp11 repository are stored. Then, run the nmake command, as shown below, thereby making sure to replace OPENSSL_DIR with the path to your OpenSSL installation.

    **********************************************************************
    ** Visual Studio 2022 Developer Command Prompt v17.11.4
    ** Copyright (c) 2022 Microsoft Corporation
    **********************************************************************
    [vcvarsall.bat] Environment initialized for: 'x64'

    C:\Program Files\Microsoft Visual Studio\2022\Community>cd c:\Users\<Username>\source\repos\libp11

    c:\Users\<Username>\source\repos\libp11>nmake /f Makefile.mak OPENSSL_DIR="C:\Program Files\OpenSSL-Win64" BUILD_FOR=WIN64

    To confirm if the compilation was successful, look for messages like Build succeeded or 0 errors. If the build failed, you will see messages such as Build failed or specific error messages. Always check the last lines of the output for a summary.

    If any of your builds fail for any reason, ensure you clean the src directory of obj files before re-making.

  4. Locate the compiled PKCS#11 Engine Plugin

    If the compilation is successful, the pkcs11.dll file will be located in the libp11\src folder. This is the OpenSC PKCS#11 Engine Plugin file you need.