Your company here ā€” click to reach over 10,000 unique daily visitors

libp11-kit-engine.so - Man Page

PKCS#11 OpenSSL engine based on p11-kit


openssl engine -t -pre SO_PATH:libp11-kit-engine.so -pre LIST_ADD:1 -pre LOAD
openssl engine -t -pre SO_PATH:libp11-kit-engine.so -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib/pkcs11/gnome-keyring-pkcs11.so dynamic
openssl engine -t -pre SO_PATH:libp11-kit-engine.so -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:unix:path=$XDG_RUNTIME_DIR/p11-kit/pkcs11


This is a PKCS#11 engine for OpenSSL based on p11-kit that is capable of utilizing the p11-kit remoting capabilities.



This sets the PKCS#11 module to use. If it starts with a "/" it is assumed to be an absolute file path of a PKCS#11 module, otherwise it specifies a remote token specified using the same format the "remote" key in pkcs11.conf uses.


This command is used by wpa_supplicant to load a certificate from a CKA_VALUE attribute of a CKO_CERTIFICATE PKCS#11 object. It accepts the argument in form of a following structure:

  struct {
      const char *uri_string;
      X509 *cert;
  } *params = p;



The OpenSSL engine.


The p11-kit remoting module that is used to access remote tokens.


This engine module is experimental and is not up to the feature parity with libp11 based pkcs11_engine (which wpa_supplicant uses by default). It might be possible to extend the pkcs11_engine to include the remoting functionality. In that case this module will be rendered obsolete.

See Also

pkcs11.conf(1), p11-kit(8), p11-kit-remote-socket(5), p11-kit-remote@.service(5), engine(3), wpa_supplicant(8)


Lubomir Rintel

Referenced By

p11-kit-remote@.service(5), p11-kit-remote.socket(5).

2017-04-09 p11-remote