libp11-kit-engine.so - Man Page
PKCS#11 OpenSSL engine based on p11-kit
Synopsis
openssl engine -t -pre SO_PATH:libp11-kit-engine.so -pre LIST_ADD:1 -pre LOAD
openssl engine -t -pre SO_PATH:libp11-kit-engine.so -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib/pkcs11/gnome-keyring-pkcs11.so dynamic
openssl engine -t -pre SO_PATH:libp11-kit-engine.so -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:unix:path=$XDG_RUNTIME_DIR/p11-kit/pkcs11
Description
This is a PKCS#11 engine for OpenSSL based on p11-kit that is capable of utilizing the p11-kit remoting capabilities.
Commands
- MODULE_PATH
This sets the PKCS#11 module to use. If it starts with a "/" it is assumed to be an absolute file path of a PKCS#11 module, otherwise it specifies a remote token specified using the same format the "remote" key in pkcs11.conf uses.
- LOAD_CERT_CTRL
This command is used by wpa_supplicant to load a certificate from a CKA_VALUE attribute of a CKO_CERTIFICATE PKCS#11 object. It accepts the argument in form of a following structure:
struct { const char *uri_string; X509 *cert; } *params = p;
Files
- /usr/lib/openssl/engines/libp11-kit-engine.so
The OpenSSL engine.
- /usr/lib/pkcs11/p11-kit-client.so
The p11-kit remoting module that is used to access remote tokens.
Notes
This engine module is experimental and is not up to the feature parity with libp11 based pkcs11_engine (which wpa_supplicant uses by default). It might be possible to extend the pkcs11_engine to include the remoting functionality. In that case this module will be rendered obsolete.
See Also
pkcs11.conf(1), p11-kit(8), p11-kit-remote-socket(5), p11-kit-remote@.service(5), engine(3), wpa_supplicant(8)
Authors
Lubomir Rintel
Referenced By
p11-kit-remote@.service(5), p11-kit-remote.socket(5).