tpm2-pkcs11
tpm2-pkcs11 copied to clipboard
How to dynamically load engine from openssl config?
Hello All,
This is a discussion/QA post than issue. I am new to pkcs11 and tpm2 and trying to integrate openssl with pkcs11 and tpm. I have few doubts regarding this:
- What is the difference between
libpkcs11.so, pkcs11.so, engine_pkcs11.so
andlibtpm2_pkcs11.so
? Which one to use? - What does MODULE_PATH mean in openssl.cnf? Can I use something like below in
openssl.cnf
to load pkcs engine dynamically?:
dynamic_path = /usr/lib/engines-1.1/pkcs11.so
MODULE_PATH = /usr/lib/pkcs11/libtpm2_pkcs11.so
- If I load dynamic engine from openssl.cnf, then is it needed to use
ENGINE *e = ENGINE_by_id("dynamic"); ENGINE_ctrl_cmd_string
in application source code? Do I need to have "dynamic" engine loading?
Thanks in advance.