Jakub Jelen
Jakub Jelen is a Principal Software Engineer at Red Hat, working on various projects that touch the security and cryptography area.
Session
OpenSSL never directly supported accessing hardware modules through PKCS#11. Over the years, the community created various engines for this task, but only with the OpenSSL 3 Store API and provider integration did it become more streamlined, which is when we started working on the pkcs11-provider project [1].
But we did not stop here. From the pkcs11-provider side, we brought the SKEY API to OpenSSL 3.5. We also implemented a new software PKCS#11 module, kryoptic [2] (using OpenSSL), which closes the circle: we can now also use OpenSSL as a PKCS#11 module.
In this presentation, I would like to talk about the recent development of the PKCS#11 standard, about the development of pkcs11-provider, and about how kryoptic works and what problems it solved for us.
[1] https://github.com/latchset/pkcs11-provider
[2] https://github.com/latchset/kryoptic/