- Quick navigation
- PKCS#11 Interface implementation for OPTIGA™ Trust M Host library for C
- Preparing the Environment
- Building System Test Project for PKCS#11
PKCS#11 is a Public-Key Cryptography Standard that defines a standard method to access cryptographic services from tokens/devices such as hardware security modules (HSM), smart cards, etc. In this project we intend to use an OPTIGA™ Trust M device as the cryptographic token.
The tests in this repository run on a Raspberry Pi. The Raspberry Pi used is running Raspberry Pi OS.
To prepare and install Raspberry Pi OS on a Raspberry Pi, please refer to the official documentation.
This tool was tested on a Raspberry Pi 4 Model B with Raspberry Pi OS Debian Bookworm release 2024-03-15.
Once the Raspberry Pi is set up and ready to use, the I2C interface needs to be enabled. This interface will be used to communicate with the OPTIGA™ Trust M device.
Run the command below in the terminal console.
sudo raspi-config
- Navigate to Interfacing Options.
- Select I2C and hit enter.
- When the window to enable the I2C interface appears, select Yes.
- Finish the configuration window.
Hardware connection:
I2C connection: the table below shows the I2C connection between the OPTIGA™ Trust M and the Raspberry Pi (RPI).
No | Description | RPI Pin # | Pin Description |
---|---|---|---|
1 | I2C SCL | 5 | SCL1, I2C |
2 | I2C SDA | 3 | SDA1, I2C |
3 | VCC | 17 | 3V3 |
4 | GND | 9 | GND |
git clone --recurse-submodules https://github.com/Infineon/pkcs11-optiga-trust-m
To install the system dependencies and build the project with the installation scripts, follow the steps below.
A tool might be needed to run the next script in a Linux environment. If it is not installed, please install the dos2unix tool and apply it to the script before running the script.
sudo apt install dos2unix
- Navigate to tools/installation folder.
cd tools/installation
- Run the setup_dependencies.sh shell script provided. This will install all dependencies needed by the PKCS#11 project.
chmod +x setup_dependencies.sh
dos2unix setup_dependencies.sh
./setup_dependencies.sh
- Run the install_shared_lib.sh shell script provided. This will compile and install the shared libraries into the system.
chmod +x install_shared_lib.sh
dos2unix install_shared_lib.sh
./install_shared_lib.sh
- Go to the OpenSC folder to run the examples in the script OpenSC-pkcs11-tool-commands.sh
From the root folder:
cd tests/opensc
chmod +x OpenSC-pkcs11-tool-commands.sh
dos2unix OpenSC-pkcs11-tool-commands.sh
./OpenSC-pkcs11-tool-commands.sh
- To clean the files generated by the execution of OpenSC-pkcs11-tool-commands.sh, the script clean.sh can be used:
chmod +x clean.sh
dos2unix clean.sh
./clean.sh
- Go to OpenSSL_Engine_folder to run the examples in the scripts openssl-pkcs11-libp11-ecc.sh for the ECC algorithm and openssl-pkcs11-libp11-rsa.sh for the RSA algorithm.
For ECC algorithm examples through the OpenSSL Engine interface:
From the root folder:
cd tests/openssl/openssl_engine
chmod +x openssl-pkcs11-libp11-ecc.sh
dos2unix openssl-pkcs11-libp11-ecc.sh
./openssl-pkcs11-libp11-ecc.sh
For RSA algorithm examples through the OpenSSL Engine interface:
From the root folder:
cd tests/openssl/openssl_engine
chmod +x openssl-pkcs11-libp11-rsa.sh
dos2unix openssl-pkcs11-libp11-rsa.sh
./openssl-pkcs11-libp11-rsa.sh
- To clean the files generated by the execution of openssl-pkcs11-libp11-ecc.sh and openssl-pkcs11-libp11-rsa.sh, the script clean.sh can be used:
chmod +x clean.sh
dos2unix clean.sh
./clean.sh
- Go to the aws_python folder and follow the instructions to set up the AWS IoT and MQTT Client.
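The steps above apply chmod +x and dos2unix to each script by hand. The following added example (not part of this repository) converts a script only when it actually contains CRLF line endings, and checks that the I2C device node exists before anything is run. The function names and the device path /dev/i2c-1 (bus 1 for the SDA1/SCL1 pins in the table) are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight helper for the setup scripts (not from the repository).
# Usage: sh preflight.sh setup_dependencies.sh install_shared_lib.sh

CR=$(printf '\r')

# Return 0 if the file contains carriage returns (CRLF line endings).
# A CR after "#!/bin/sh" makes the kernel look for an interpreter named
# "sh\r", which is why the scripts must be converted before they run.
has_crlf() {
    grep -q "$CR" "$1"
}

# Return 0 if the I2C character device exists.
# Assumption: SDA1/SCL1 on pins 3/5 are bus 1, exposed as /dev/i2c-1.
i2c_ready() {
    [ -c "${1:-/dev/i2c-1}" ]
}

# Convert CRLF to LF only when needed, then mark the script executable.
prepare_script() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    if has_crlf "$1"; then
        if command -v dos2unix >/dev/null 2>&1; then
            dos2unix -q "$1"
        else
            # Fallback when dos2unix is not installed: strip every CR,
            # writing back through cat so the file mode is preserved.
            tmp=$(mktemp) && tr -d '\r' < "$1" > "$tmp" \
                && cat "$tmp" > "$1" && rm -f "$tmp"
        fi
    fi
    chmod +x "$1"
}

# Only act when script names are given on the command line.
if [ "$#" -gt 0 ]; then
    i2c_ready || echo "warning: /dev/i2c-1 not found, enable I2C in raspi-config" >&2
    for s in "$@"; do
        prepare_script "$s" || exit 1
    done
fi
```
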
Please see our LICENSE for copyright and license information.
This project follows the REUSE approach, so copyright and licensing information is available for every file (including third party components) either in the file header, an individual *.license file or a REUSE.toml file. All licenses can be found in the LICENSES folder.