Building an OpenSSL 3 Provider for PKCS11 - DevConf.CZ 2023

Explore the transition from OpenSSL's deprecated ENGINE API to the new OpenSSL 3 provider system for accessing smartcards via PKCS11 in this DevConf.CZ 2023 conference talk. Delve into the changes, both positive and negative, affecting application developers and those interested in provider development. Learn about the lessons gained from developing a PKCS11 provider for OpenSSL and discover the new opportunities presented by this extension paradigm. Gain insights into the PKCS11 API, available providers, configuration, and the intricacies of writing a provider, including operations, function tables, key retrieval and management, and signature operations. Understand the goals, challenges, and future steps for the PKCS11 Provider, equipping yourself with valuable knowledge for working with OpenSSL 3 and hardware-based cryptographic solutions.

Introduction
Outline
The problem
What are providers
What is a provider
Provider vs engine
What is the difference
Available providers
PKCS11 API
PKCS11 Standard
What is the PKCS7 Provider
Goals for the PKCS11 Provider
Configuration
Print
Writing a provider
What are operations
Function table
Key retrieval Key management
Signature operations
Hard areas
Next steps
Summary