Installing PKCS#11 for OpenSSL v3
Securosys HSM Integration Guide
Download the package containing the pre-compiled OpenSSL
pkcs11-provider (login required). Extract the provider and move the files to
a suitable directory. The path used throughout this documentation is
/usr/local/lib/ossl-modules/. The provider location has to be
specified in the OpenSSL configuration. That means that the location
does not matter as long as the user of the OpenSSL tool can access it.
-
Download the bundle and extract its content to
/tmp/securosysP11_PROV_VERSION=latest
CRED=<USERNAME:PASSWORD>
curl -L -XGET "https://${CRED}@securosys.jfrog.io/artifactory/opensslv3-pkcs11/${P11_PROV_VERSION}/Securosys_PrimusAPI_OSSLv3-Provider-PKCS11-${P11_PROV_VERSION}.zip" -o Securosys_PrimusAPI_OSSLv3-Provider-PKCS11-${P11_PROV_VERSION}.zip
unzip Securosys_PrimusAPI_OSSLv3-Provider-PKCS11-${P11_PROV_VERSION}.zip -d /tmp/securosys -
Extract the library files to
/usr/local/lib/ossl-modules/unzip /tmp/securosys/securosys_primusapi_osslv3-provider-pkcs11-executable-${P11_PROV_VERSION}.zip -d /tmp/securosys/
sudo mkdir -p /usr/local/lib/ossl-modules
sudo unzip -j /tmp/securosys/PrimusAPI_OSSLv3-Provider-PKCS11-${P11_PROV_VERSION}-linux_amd64.zip -d /usr/local/lib/ossl-modules/ -
Change the owner and permissions of the files
sudo chown root:primus /usr/local/lib/ossl-modules/pkcs11.{so,la,license}
sudo chmod 444 /usr/local/lib/ossl-modules/pkcs11.{so,la,license}
If you built OpenSSL yourself following the instructions in the prerequisites page, you can place the pkcs11-provider files with the built-in providers in the /opt/openssl-${OPENSSL_VERSION}/lib/ossl-modules directory.
Files
The package with the pre-compiled binaries contains the following files:
| File | Description |
|---|---|
| pkcs11.so | Dynamically-linked shared object. This file is loaded by OpenSSL |
| pkcs11.la | Libtool library file. Description of the library generated by libtool |
| pkcs11.license | Copy of the license |