next up previous contents
Next: The openssl command-line tool Up: OpenSSL and EVP Previous: OpenSSL and EVP   Contents


Configuration file

Here's a simple configuration file that selects the PKCS11 engine, and what actual module to use with the engine.

# PKCS11 engine config##################################################
openssl_conf            = openssl_def

[openssl_def]
engines = engine_section

[engine_section]
pkcs11 = pkcs11_section

[pkcs11_section]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = /home/jelte/pkcs11/aep/pkcs11.GCC4.0.2.so.4.04 
init = 0

The first few sections are some abstractions used. The important

section here is pkcs11_section. This provides an engine id, a dynamic path for the main driver (in this case a pkcs11 module), and a specific driver for the actual HSM used.

When you now run an openssl application with this config file, the pkcs11 engine is added to the list of available engines.



Written by Jelte Jansen
© NLnet Labs, May 13, 2008
jelte@nlnetlabs.nl