The wolfSSL embedded SSL/TLS library has support for PCKS#11! The PKCS#11 standard defines an API for using cryptographic tokens. The API added to wolfSSL will work with the most commonly used cryptographic object types (RSA keys, X.509 Certificates, DES/Triple DES keys, etc.) and all the functions needed to use, create, modify and delete those objects.
Using wolfSSL on your application or your device will now allow you to utilize PKCS#11 for access to hardware security modules, smart cards, and other cryptographic tokens. Interoperability of wolfSSL's PKCS#11 implementation has been tested against both OpenCryptoki, and SoftHSM2.
To build wolfSSL with PKCS#11 support, the library needs to be downloaded and then built with a specific configure flag or macro define. The library can be downloaded from the wolfSSL website, located here: https://www.wolfssl.com/download/. The steps to build and install with PKCS#11 are detailed below:
# From within wolfSSL's root directory ./autogen.sh ./configure --enable-pkcs11 make sudo make install
If the library is being built in a non-standard environment or autotools are not being used, then the macros HAVE_PKCS11 and HAVE_WOLF_BIGINT (used for some fastmath and ECC operations) need to be defined.
Documentation and more information about the PKCS#11 additions to wolfSSL arelocated within on the doxygen pages, here: https://www.wolfssl.com/doxygen/group__PKCS11.html
More information about the new release of wolfSSL v3.15.7 can be found here: https://www.wolfssl.com/wolfssl-3-15-7-now-available/
Wikipedia article on PKCS#11: https://en.wikipedia.org/wiki/PKCS_11
For more information about wolfSSL and PKCS#11 use contact us at facts@wolfssl.com.