Parsec OpenSSL Provider is an OpenSSL 3.x provider to access the Parsec Service for performing cryptographic operations using hardware backed keys.
Learn more about Parsec here.
The provider should work with any version of the Parsec Service starting from 1.x.x but it is recommended to use the latest available version.
- OpenSSL 3.x.x libraries and development headers
Use the following commands to build a shared library of the parsec provider that can be dynamically loaded by openssl,
cd parsec-openssl-provider-shared
cargo build
You should be able to find the provider libparsec_openssl_provider_shared.so under /parsec-openssl-provider/target/debug/.
The easiest way to load and run the provider is by using the openssl config file. You can add the following section to your existing config file,
[openssl_init]
providers = provider_sect
[provider_sect]
default = default_sect
parsec = parsec_sect
[parsec_sect]
module = /path-to-shared-library/libparsec_openssl_provider_shared.so
activate = 1
[default_sect]
activate = 1
Once configured, you can list the providers loaded using the following command and ensure that parsec is loaded successfully.
openssl list -providers
You can explicitly specify the provider in the above command instead of using the openssl config file as shown below,
openssl list -providers -provider-path /path/to/provider -provider libparsec_openssl_provider_shared
The software is provided under Apache-2.0. Contributions to this project are accepted under the same license.
