Installing PKCS#11 API for OpenSSL v1.x
Securosys HSM Integration Guide
This guide assumes familiarity with the Primus HSM, Windows and/or Linux operating system installation and configuration, OpenSSL setup, and related procedures.
It does not cover every step of the hardware and software setup in detail.
- Windows 11
- Linux
The following installation and configuration instructions are based on Windows 11 and may vary slightly for other versions of Windows.
Please ensure that you meet all the listed prerequisites before proceeding. Adhering to these requirements is essential for a smooth setup and successful integration. Failure to do so may result in compatibility issues or functionality problems during the configuration process.
PKCS#11 Engine Plugin
The PKCS#11 engine plugin is part of the OpenSC/libp11 repository on GitHub. As there are no Windows binaries releases provided for this project, the engine must be built manually. You can find detailed build instructions for different Windows build environments here.
To compile the PKCS#11 engine on Windows, follow these steps:
-
Download and Install Microsoft Visual Studio
Download Microsoft Visual Studio. When you run the executable, it will open the Visual Studio Installer. Choose the "C++ build tools" workload to install only the necessary tools.
-
Download/Clone the PKCS#11 Engine
You have two options to obtain the necessary files from the OpenSC/libp11 repository on GitHub. You can either create a clone of the repository directly onto your local machine using Git, or you can download the repository as a ZIP file. If you choose the ZIP option, simply extract the contents into a designated folder on your PC, e.g.
C:\Users\<Username>\source\repos\libp11
. Both methods will give you access to the code required for the build process. -
Compile a 64-bit Version
To open the "x64 Native Tools Command Prompt", go to
Start > All Programs > Visual Studio 2022 > x64 Native Tools Command Prompt
. Once it's open, navigate to the folder where the files from the OpenSC/libp11 repository are stored. Then, run thenmake
command, as shown below, thereby making sure to replaceOPENSSL_DIR
with the path to your OpenSSL installation.**********************************************************************
** Visual Studio 2022 Developer Command Prompt v17.11.4
** Copyright (c) 2022 Microsoft Corporation
**********************************************************************
[vcvarsall.bat] Environment initialized for: 'x64'
C:\Program Files\Microsoft Visual Studio\2022\Community>cd c:\Users\<Username>\source\repos\libp11
c:\Users\<Username>\source\repos\libp11>nmake /f Makefile.mak OPENSSL_DIR="C:\Program Files\OpenSSL-Win64" BUILD_FOR=WIN64To confirm if the compilation was successful, look for messages like
Build succeeded
or0 errors
. If the build failed, you will see messages such asBuild failed
or specific error messages. Always check the last lines of the output for a summary.If any of your builds fail for any reason, ensure you clean the
src
directory ofobj
files before re-making. -
Locate the compiled PKCS#11 Engine Plugin
If the compilation is successful, the
pkcs11.dll
file will be located in thelibp11\src
folder. This is the OpenSC PKCS#11 Engine Plugin file you need.
The installation instructions for Linux-based systems will be added to this guide in the future. While we are working to provide these details, please note that it may take some time before they are fully available. We appreciate your patience and understanding as we continue to expand our documentation.