Security User Guide: Intel® Programmable Acceleration Card with Intel® Arria® 10 GX FPGA

ID 683453
Date 3/06/2020
Document Table of Contents

3.4. Using an HSM Manager

The PACSign tool does not implement any cryptographic functions. PACSign must interact with a cryptographic service, and it does this through modules called Hardware Security Module (HSM) managers. PACSign provides the following managers:
  • openssl_manager: interfaces with OpenSSL
  • pkcs11_manager: interfaces with any HSM implementing PKCS#11
Use the -H option with the PACSign command to select an HSM manager. The following sections provide examples for the PACSign OpenSSL manager using OpenSSL v1.1.1d, and the PACSign PKCS #11 manager using SoftHSM v2.5.0. Examples of key creation and management with both OpenSSL and SoftHSM (through the utilities softhsm2-util and pkcs11-tool) are also provided. To create your own custom HSM manager, refer to the Custom HSM Manager Creation topic more information.