Security User Guide: Intel® Programmable Acceleration Card with Intel® Arria® 10 GX FPGA

ID 683453
Date 3/06/2020
Document Table of Contents

3.4. Using an HSM Manager

The PACSign tool does not implement any cryptographic functions. PACSign must interact with a cryptographic service, and it does this through modules called Hardware Security Module (HSM) managers. PACSign provides the following managers:
  • openssl_manager: interfaces with OpenSSL
  • pkcs11_manager: interfaces with any HSM implementing PKCS#11
Use the -H option with the PACSign command to select an HSM manager. The following sections provide examples for the PACSign OpenSSL manager using OpenSSL v1.1.1d, and the PACSign PKCS #11 manager using SoftHSM v2.5.0. Examples of key creation and management with both OpenSSL and SoftHSM (through the utilities softhsm2-util and pkcs11-tool) are also provided. To create your own custom HSM manager, refer to the Custom HSM Manager Creation topic more information.

Did you find the information on this page useful?

Characters remaining:

Feedback Message