Name

OpenXPKI::Crypto::Backend::OpenSSL::Engine::PKCS11

Description

This class implements an interface for OpenSC's PKCS#11 engine.

Configuration

You must configure an ENGINE_SECTION which looks like this:

 --snip--
 pkcs11 = pkcs11_section

 [pkcs11_section]
 engine_id = pkcs11
 dynamic_path = /usr/lib/engines/engine_pkcs11.so
 MODULE_PATH = /usr/lib/opensc-pkcs11.so
 init = 0
 --snip--

Please note that the key file which must be specified in the configuration must be the idenitifier of the key on the smartcard an not a real filename. A typical OpenSC example for a name is id_45.

Functions

tries to set the passphrase for the used token. Actually we cannot check the passphrase without risking to lock the smartcard or whatever token is used. If the passhrase is missing or shorter than 4 characters then an exception is thrown. There is no parameter because we get the passphrase from the OpenXPKI::Crypto::Secret object.

Examples: $engine->login ();

get_engine

returns the used OpenSSL engine pkcs11.

get_engine_section

returns the OpenSSL engine section from the configuration. Please note that this configuration must include a PIN line where the value of the PIN parameter is __PIN__. This is necessary because this is the only way how we can supply the PIN to the PKCS#11 library.

get_keyform

returns "engine" because otherwise the use of this module makes no sense.