libp11
libp11 copied to clipboard
OpenSC
PKCS#11 wrapper library
Try signing a file using `sbsign` where key is stored on a Yubikey, it will crash: ``` sbsign --engine pkcs11 --key 'pkcs11:manufacturer=piv_II;id=%02' --cert ./sb/db.crt --output ./sb/secboot-linux-latest.efi.signed ./sb/secboot-linux-latest.efi ``` gdb shows...
I have successfully generated a private key in the ECC chip using the libcryptoauth API (v3.5.1 tag), specifically in slot. However, when attempting to access the private key pointer using...
Hi Everyone, here are some changes to begin supporting [OpenSSL3 providers](https://docs.openssl.org/3.0/man7/provider/). Key generation, sign + verify, encrypt + decrypt are available, though requires a lot-lot-lot of additional testing and maybe...
Do not assume the PKCS#11 handle value stored in libp11 key cache still relates to the very same object previously loaded. Maybe the client application has modified the PKCS#11 token...
openssl pkcs11 engine: a newly created key cannot be used if one with the same url was used before
We have the following issue: We use openssl 3.0.13 to OP-TEE (arm embedded) via the PKCS11 engine (libp11 0.4.12) We can create keys via pkcs11, use them from openssl, everything...
Hello, Has anyone succeeded to build a static pkcs11 library ? Despite that engine are designed to be dynamically loaded, but programmatically we still can set and register an engine...
Currently, storage of EC keys (EVP_PKEY_EC) is not supported in pkcs11_store_key(). This prevents from using PKCS11_store_private_key() (defined in libp11.h) to store this type of keys. This proposition of implementation reuses...
OpenSSL 3.0.14 LTS ZIP File (x64/x86) https://download.firedaemon.com/FireDaemon-OpenSSL/openssl-3.0.14.zip .\WinSSL\bin\openssl.exe engine dynamic -pre SO_PATH:".\libp11\32bit\pkcs11.dll" -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:".\pkcs11\opensc-pkcs11.dll" (dynamic) Dynamic engine loading support [Success]: SO_PATH:.\libp11\32bit\pkcs11.dll [Success]: ID:pkcs11 [Success]:...
We use openssl cms in combination with your module to perform the signing operation from our PKCS#11 module. On all other OS we test on (Debian 11, 12, Ubuntu 24,...
need to go up to 3.2 spec and add PQ mechs
