wolfSSL PKCS#11 Support

The wolfSSL embedded SSL/TLS library has support for PCKS#11! The PKCS#11 standard defines an API for using cryptographic tokens. The API added to wolfSSL will work with the most commonly used cryptographic object types (RSA keys, X.509 Certificates, DES/Triple DES keys, etc.) and all the functions needed to use, create, modify and delete those objects.

Using wolfSSL on your application or your device will now allow you to utilize PKCS#11 for access to hardware security modules, smart cards, and other cryptographic tokens. Interoperability of wolfSSL's PKCS#11 implementation has been tested against both OpenCryptoki, and SoftHSM2.

To build wolfSSL with PKCS#11 support, the library needs to be downloaded and then built with a specific configure flag or macro define. The library can be downloaded from the wolfSSL website, located here: https://www.wolfssl.com/download/. The steps to build and install with PKCS#11 are detailed below:

# From within wolfSSL's root directory
./configure --enable-pkcs11
sudo make install

If the library is being built in a non-standard environment or autotools are not being used, then the macros HAVE_PKCS11 and HAVE_WOLF_BIGINT (used for some fastmath and ECC operations) need to be defined.

Documentation and more information about the PKCS#11 additions to wolfSSL  arelocated within on the doxygen pages, here: https://www.wolfssl.com/doxygen/group__PKCS11.html

More information about the new release of wolfSSL v3.15.7 can be found here: https://www.wolfssl.com/wolfssl-3-15-7-now-available/

Wikipedia article on PKCS#11: https://en.wikipedia.org/wiki/PKCS_11

For more information about wolfSSL and PKCS#11 use contact us at facts@wolfssl.com.