# cryptoauth-openssl-engine **Repository Path**: MicrochipTech/cryptoauth-openssl-engine ## Basic Information - **Project Name**: cryptoauth-openssl-engine - **Description**: DEPRECATED: Use https://github.com/MicrochipTech/cryptoauthlib/wiki/PKCS11-Linux-Setup - **Primary Language**: Unknown - **License**: Not specified - **Default Branch**: master - **Homepage**: None - **GVP Project**: No ## Statistics - **Stars**: 0 - **Forks**: 0 - **Created**: 2026-06-23 - **Last Updated**: 2026-07-11 ## Categories & Tags **Categories**: Uncategorized **Tags**: None ## README Configuration: Most of the configuration of the library can be done in lib/openssl/eccx08_engine.h or via defines during build The exception to this is in eccx08_platform.c where key slots are defaulted If the ATCA_OPENSSL_ENGINE_STATIC_CONFIG define is set to 1 then device and signer certificate definitions will have to be linked into the library at build. e.g. see the line in the makefile: #LIBATECCSSL_OBJECTS += cert_def_1_signer.c cert_def_2_signer.c Makfile: The makefile included in this archive is fairly basic and is not what one would consider appropriate for a package so there is likely some manual configuration that would be needed at this stage To build the library: > make libateccssl To run the test program: > make test To extract certificates (if the engine is added to the openssl.cnf file): > openssl engine ateccx08 -t -post GET_DEVICE_CERT:./device.der > openssl engine ateccx08 -t -post GET_SIGNER_CERT:./signer.der Otherwise you'll have to use an interactive openssl session (see openssl engine -h and engine -vvv for details) > openssl OpenSSL> engine dynamic -pre SO_PATH:/ -pre LIST_ADD:1 -pre ID:ateccx08 -pre LOAD OpenSSL> engine ateccx08 -t -post GET_DEVICE_CERT:./device.der OpenSSL> engine ateccx08 -t -post GET_SIGNER_CERT:./signer.der Then to verify the certs: > openssl x509 -in device.der -inform der -text -noout > openssl x509 -in signer.der -inform der -text -noout To set up your openssl.cnf file Find which openssl.cnf file your instance is using you can: > openssl version -a | grep OPENSSLDIR OPENSSLDIR: "/usr/lib/ssl" will tell you the base location where openssl is looking for the openssl.cnf file. It may be a symbolic link to another location > ls -l /usr/lib/ssl lrwxrwxrwx 1 root root 14 Apr 24 15:22 certs -> /etc/ssl/certs lrwxrwxrwx 1 root root 20 Jan 31 05:53 openssl.cnf -> /etc/ssl/openssl.cnf To set up the openssl.cnf to use the engine: # At the top: openssl_conf = openssl_init # Append to the end: [ openssl_init ] engines = engine_section [ engine_section ] ateccx08 = ateccx08_config [ ateccx08_config ] engine_id = ateccx08 # Or if you sym link the libateccssl.so to the engine directory the next line is not needed dynamic_path = device_key_slot = 0 init = 0 To use the engine in an application you can reference the openssl tests (test/openssl/test_engine.c) but the basic principle is that if the openssl.cnf file is configured correctly all an application really needs to do is add a call to OPENSSL_config if it is not already doing so and then to decide what functionality that the application wants and register it.