Installing OpenSSLv3 pkcs11-provider
Download the package containing the pre-compiled OpenSSL pkcs11-provider. Extract the provider and move the files to a suitable directory. The path used throughout this documentation is /usr/local/lib/ossl-modules/. The provider location has to be specified in the OpenSSL configuration. That means that the location does not matter as long as the user of the OpenSSL tool can access it.
-
Download the bundle and extract its content to
/tmp/securosys
P11_PROV_VERSION=0.3.0
CRED=<USERNAME:PASSWORD>
curl -L -XGET "https://${CRED}@securosys.jfrog.io/artifactory/opensslv3-pkcs11/v${P11_PROV_VERSION}/Securosys_PrimusAPI_OSSLv3-Provider-PKCS11-v${P11_PROV_VERSION}.zip" -o Securosys_PrimusAPI_OSSLv3-Provider-PKCS11-v${P11_PROV_VERSION}.zip
unzip Securosys_PrimusAPI_OSSLv3-Provider-PKCS11-v${P11_PROV_VERSION}.zip -d /tmp/securosys -
Extract the library files to /usr/local/lib/ossl-modules/
unzip /tmp/securosys/securosys_primusapi_osslv3-provider-pkcs11-executable-v${P11_PROV_VERSION}.zip -d /tmp/securosys/
sudo mkdir -p /usr/local/lib/ossl-modules
sudo unzip -j /tmp/securosys/PrimusAPI_OSSLv3-Provider-PKCS11-v${P11_PROV_VERSION}-linux_amd64.zip -d /usr/local/lib/ossl-modules/ -
Change the owner and permissions of the files
sudo chown root:primus /usr/local/lib/ossl-modules/pkcs11.{so,la,license}
sudo chmod 444 /usr/local/lib/ossl-modules/pkcs11.{so,la,license}
If you built OpenSSL yourself following the instructions in the prerequisites page, you can place the pkcs11-provider files with the built-in providers in the /opt/openssl-${OPENSSL_VERSION}/lib/ossl-modules directory.
Files
The package with the pre-compiled binaries contains the following files:
File | Description |
---|---|
pkcs11.so | Dynamically-linked shared object. This file is loaded by OpenSSL |
pkcs11.la | Libtool library file. Description of the library generated by libtool |
pkcs11.license | Copy of the license |