OpenSSL 3 and black key?

Christian-R · ‎10-24-2025

Hi,

We are interested in being able to use CAAM to support OpenSSL with black keys for signing operations.

OpenSSL 3 recommends using a new interface called "Provider".

It appears there's no ready CAAM "Provider" implementation without using something like OP-TEE. Could someone confirm or deny this?

If there's no ready implementation, any suggestions, is there any official support integrating black key sign/verify operations to mbedTLS, OpenSSH, OpenGPG, etc..?

Thanks,
Christian

Christian-R · ‎10-27-2025

If possible we'd like to _not_ have to use OPTEE.
Do you know if that's possible?

Regard,
Christian

Harvey021 · ‎10-29-2025

Have also checked with internal security team, no positive answer without OPTEE.

Regards

Harvey

Harvey021 · ‎10-27-2025

Hi,

Hope that the section <10.4.8 OpenSSL TLS offload to OP-TEE PKCS#11 via pkcs11-provider> of UG10163.pdf be helpful.

Regards

Harvey

OpenSSL 3 and black key?

OpenSSL 3 and black key?

i.MX 8 Family | i.MX 8QuadMax (8QM) | 8QuadPlus

Security