FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

how to test pkcs11(generate pkcs11.so)

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

how to test pkcs11(generate pkcs11.so)

Jump to solution
‎08-03-2021 11:33 PM
2,799 Views
dongyeonkim01
Contributor I

Hi

we are testing 'PKCS11' using LSDK 20.04

 

following 6.5.3.3.2 PKCS#11 based OpenSSL Engine (Third party OpenSC/libp11)

dongyeonkim01_1-1628057305775.png

 

we want success 'openssl engine pkcs11 -t' command 

(pkcs11) pkcs11 engine
[ available ]

 

but we are return errors.,..

dongyeonkim01_2-1628057573266.png

'pkcs11.so' files not found error so,

I guess cause openssl engine is not generate 'pkcs11.so' files

 

and our /etc/ssl/openssl.cnf

dongyeonkim01_3-1628057651410.png

 

 

thank you

 

0 Kudos
Reply
1 Solution

Jump to solution
‎08-05-2021 11:42 PM
2,769 Views
yipingwang
NXP TechSupport
NXP TechSupport

You could add libengine-pkcs11-openssl to additional_main_packages_list in configs/ubuntu/additional_packages_list.

Then execute the following command.

$ flex-builder -i clean-rfs -r ubuntu:main

$ flex-builder -i mkrfs -r ubuntu:main

$ flex-builder -i packrfs -r ubuntu:main

View solution in original post

0 Kudos
Reply
6 Replies

Jump to solution
‎08-05-2021 03:13 AM
2,781 Views
yipingwang
NXP TechSupport
NXP TechSupport

Please edit /etc/ssl/openssl.cnf  as the following.

[openssl_init]
engines=engine_section
[engine_section]
pkcs11 = pkcs11_section
[pkcs11_section]
engine_id = pkcs11
dynamic_path = /usr/lib/aarch64-linux-gnu/engines-1.1/libpkcs11.so
MODULE_PATH = /usr/local/lib/libpkcs11.so
init = 0

0 Kudos
Reply

Jump to solution
‎08-04-2021 12:47 AM
2,799 Views
yipingwang
NXP TechSupport
NXP TechSupport

pkcs11 engine for OpenSSL can be installed on board using command sudo apt-get install libengine-pkcs11-openssl
Above command will install the libpkcs11.so (pkcs11 engine) in /usr/lib/aarch64-linux-gnu/engines-1.1/libpkcs11.so and this
will be dynamic_path in OpenSSL configuration file.

0 Kudos
Reply

Jump to solution
‎08-04-2021 09:13 PM
2,795 Views
dongyeonkim01
Contributor I

thank you for your reply

 

I find libpkcs11.so  file

 

but I make another errors

dongyeonkim01_0-1628150604392.png

 

 

and my /etc/ssl/openssl.cnf 
(chantge dynamic path, module path)

dongyeonkim01_0-1628136689556.png

 

+) add

How do I make image, including libpkcs11.so libaray?

I've already changed the libpkcs11=y option in the build_lsdk.cfg file.

0 Kudos
Reply

Jump to solution
‎08-05-2021 02:42 AM
2,783 Views
yipingwang
NXP TechSupport
NXP TechSupport

Please enable the following options in configs/build_lsdk.cfg.

CONFIG_APP_OPTEE=y
CONFIG_APP_LIBPKCS11=y
CONFIG_APP_SECURE_OBJ=y

Then execute the following commands.

$ flex-builder -c libpkcs11 -a arm64

$ flex-builder -i merge-component -a arm64

$ flex-builder -i packrfs -a arm64

0 Kudos
Reply

Jump to solution
‎08-05-2021 10:13 PM
2,775 Views
dongyeonkim01
Contributor I

I used this option to build the image.

$ flex-builder -c libpkcs11 -a arm64

$ flex-builder -i merge-component -a arm64

$ flex-builder -i packrfs -a arm64

 

but I should installed  'sudo apt-get install libengine-pkcs11-openssl' when I used 'openssl engine' with pkcs11

how can I include libengine-pkcs11-openssl  library into image??

0 Kudos
Reply

Jump to solution
‎08-05-2021 11:42 PM
2,770 Views
yipingwang
NXP TechSupport
NXP TechSupport

You could add libengine-pkcs11-openssl to additional_main_packages_list in configs/ubuntu/additional_packages_list.

Then execute the following command.

$ flex-builder -i clean-rfs -r ubuntu:main

$ flex-builder -i mkrfs -r ubuntu:main

$ flex-builder -i packrfs -r ubuntu:main

0 Kudos
Reply