1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
openssl-ibmca for Debian
-----------------------
In order to enable IBMCA, use the following instructions to apply the
configurations from `openssl.cnf.sample` to the `openssl.cnf` file installed
in the host by the OpenSSL package. **WARNING:** you may want to save the
original `openssl.cnf` file before changing it.
In `openssl.cnf.sample`, the *dynamic_path* variable is set to the default
location in Debian, which is
/usr/lib/s390x-linux-gnu/openssl-1.0.2/engine/libibmca.so
Append the `openssl.cnf.sample` file to it `/etc/ssl/openssl.cnf` file;
```
$ cat /usr/share/doc/openssl-ibmca/examples/openssl.cnf.sample >> /etc/ssl/openssl.cnf
```
In `openssl.cnf` file, move the *openssl_conf* variable from the bottom to the
top of the file, such as in the example below:
```
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_def
```
Finally, check if the IBMCA is now enabled. The command below should return the
IBMCA engine and all the supported cryptographic methods.
```
$ openssl engine -c
(dynamic) Dynamic engine loading support
(ibmca) Ibmca hardware engine support
[RAND, DES-ECB, DES-CBC, DES-OFB, DES-CFB, DES-EDE3, DES-EDE3-CBC, DES-EDE3-OFB,
DES-EDE3-CFB, AES-128-ECB, AES-192-ECB, AES-256-ECB, AES-128-CBC, AES-192-CBC,
AES-256-CBC, AES-128-OFB, AES-192-OFB, AES-256-OFB, AES-128-CFB, AES-192-CFB,
AES-256-CFB, id-aes128-GCM, id-aes192-GCM, id-aes256-GCM, SHA1, SHA256, SHA512]
$
```
-- Paulo Vital <pvital@gmail.com> Wed, 20 Sep 2017 10:47:45 -0300
|
