libp11-kit-engine.so - Man Page

PKCS#11 OpenSSL engine based on p11-kit

Synopsis

openssl engine -t -pre SO_PATH:libp11-kit-engine.so -pre LIST_ADD:1 -pre LOAD
openssl engine -t -pre SO_PATH:libp11-kit-engine.so -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib/pkcs11/gnome-keyring-pkcs11.so dynamic
openssl engine -t -pre SO_PATH:libp11-kit-engine.so -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:unix:path=$XDG_RUNTIME_DIR/p11-kit/pkcs11

Description

This is a PKCS#11 engine for OpenSSL based on p11-kit that is capable of utilizing the p11-kit remoting capabilities.

Commands

MODULE_PATH

This sets the PKCS#11 module to use. If it starts with a "/", it is assumed to be the absolute file path of a PKCS#11 module; otherwise it specifies a remote token, in the same format that the "remote" key in pkcs11.conf uses.

LOAD_CERT_CTRL

This command is used by wpa_supplicant to load a certificate from the CKA_VALUE attribute of a CKO_CERTIFICATE PKCS#11 object. It accepts its argument in the form of the following structure:

  struct {
      const char *uri_string;
      X509 *cert;
  } *params = p;
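
A pre-flight check for a MODULE_PATH value, applying the "/" rule described under MODULE_PATH above. This is an added example, not part of p11-kit or the original man page; the function names are hypothetical, and the permission and socket checks are assumptions about what an administrator would verify before the engine loads a module into the process.

```shell
#!/bin/sh
# Added example: function names below are hypothetical, not p11-kit's.

# Apply the page's rule: a leading "/" means a local module file,
# anything else is a remote token specification.
classify_module_path() {
    case "$1" in
        /*) echo file ;;
        *)  echo remote ;;
    esac
}

# Return 0 if the value passes the checks; otherwise print a reason to
# stderr and return 1 (missing file), 2 (writable module) or 3 (no socket).
check_module_path() {
    spec=$1
    if [ "$(classify_module_path "$spec")" = file ]; then
        [ -f "$spec" ] || { echo "not a regular file: $spec" >&2; return 1; }
        # A group- or world-writable module can be replaced by another user
        # and is then loaded as code into the OpenSSL process.
        case "$(ls -ldL -- "$spec")" in
            ?????w*|????????w*)
                echo "module is group/world-writable: $spec" >&2; return 2 ;;
        esac
        return 0
    fi
    case "$spec" in
        unix:path=*)
            sock=${spec#unix:path=}
            [ -S "$sock" ] || { echo "no socket at: $sock" >&2; return 3; }
            ;;
    esac
    # Remote forms other than unix:path= are passed through uninspected.
    return 0
}

# Print the engine test command from the Synopsis for a checked value.
engine_test_cmd() {
    check_module_path "$1" || return
    printf 'openssl engine -t -pre SO_PATH:libp11-kit-engine.so -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:%s dynamic\n' "$1"
}
```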

Files

/usr/lib/openssl/engines/libp11-kit-engine.so

The OpenSSL engine.

/usr/lib/pkcs11/p11-kit-client.so

The p11-kit remoting module that is used to access remote tokens.

Notes

This engine module is experimental and has not reached feature parity with the libp11-based pkcs11_engine (which wpa_supplicant uses by default). It might be possible to extend the pkcs11_engine to include the remoting functionality. In that case this module will be rendered obsolete.

See Also

pkcs11.conf(1), p11-kit(8), p11-kit-remote-socket(5), p11-kit-remote@.service(5), engine(3), wpa_supplicant(8)

Authors

Lubomir Rintel

Referenced By

p11-kit-remote@.service(5), p11-kit-remote.socket(5).

2017-04-09 p11-remote