1LIBP11-KIT-REMOTE.SO(8) System Manager's Manual LIBP11-KIT-REMOTE.SO(8)
2
6 libp11-kit-remote.so - PKCS#11 OpenSSL engine based on p11-kit
7
9 openssl engine -t -pre SO_PATH:libp11-kit-engine.so -pre LIST_ADD:1
10 -pre LOAD
11 openssl engine -t -pre SO_PATH:libp11-kit-engine.so -pre LIST_ADD:1
12 -pre LOAD -pre MODULE_PATH:/usr/lib/pkcs11/gnome-keyring-pkcs11.so
13 dynamic
14 openssl engine -t -pre SO_PATH:libp11-kit-engine.so -pre LIST_ADD:1
15 -pre LOAD -pre MODULE_PATH:unix:path=$XDG_RUNTIME_DIR/p11-kit/pkcs11
16
18 This is a PKCS#11 engine for OpenSSL based on p11-kit that is capable
19 of utilizing the p11-kit remoting capabilities.
20
22 MODULE_PATH
23 This sets the PKCS#11 module to use. If it starts with a "/" it
24 is assumed to be an absolute file path of a PKCS#11 module, oth‐
25 erwise it specifies a remote token specified using the same for‐
26 mat the "remote" key in pkcs11.conf uses.
27 LOAD_CERT_CTRL
29 This command is used by wpa_supplicant to load a certificate
30 from a CKA_VALUE attribute of a CKO_CERTIFICATE PKCS#11 object.
31 It accepts the argument in form of a following structure:
32 struct {
34 const char *uri_string;
35 X509 *cert;
36 } *params = p;
37
39 /usr/lib/openssl/engines/libp11-kit-engine.so
40 The OpenSSL engine.
41 /usr/lib/pkcs11/p11-kit-client.so
42 The p11-kit remoting module that is used to access remote
43 tokens.
45 This engine module is experimental and is not up to the feature parity
46 with libp11 based pkcs11_engine (which wpa_supplicant uses by default).
47 It might be possible to extend the pkcs11_engine to include the remot‐
48 ing functionality. In that case this module will be rendered obsolete.
50 pkcs11.conf(1), p11-kit(8), p11-kit-remote-socket(5),
51 p11-kit-remote@.service(5), engine(3), wpa_supplicant(8)
53 Lubomir Rintel
54p11-remote 2017-04-09 LIBP11-KIT-REMOTE.SO(8)