tpm2-pkcs11

How to dynamically load engine from openssl config?

Open Sourabh-ALTEN opened this issue 1 year ago • 0 comments

Hello All,

This is more of a discussion/Q&A post than an issue. I am new to pkcs11 and tpm2 and am trying to integrate openssl with pkcs11 and tpm. I have a few doubts regarding this:

  1. What is the difference between libpkcs11.so, pkcs11.so, engine_pkcs11.so and libtpm2_pkcs11.so? Which one to use?
  2. What does MODULE_PATH mean in openssl.cnf? Can I use something like the below in openssl.cnf to load the pkcs engine dynamically?

         dynamic_path = /usr/lib/engines-1.1/pkcs11.so
         MODULE_PATH = /usr/lib/pkcs11/libtpm2_pkcs11.so

  3. If I load the dynamic engine from openssl.cnf, is it then still necessary to use `ENGINE *e = ENGINE_by_id("dynamic");` and `ENGINE_ctrl_cmd_string` in the application source code? Do I need to have "dynamic" engine loading?

Thanks in advance.

Sourabh-ALTEN, Jul 14 '22 09:07