Hi Sir/Madam,
I've been loading the private key from the PKCS11 token into my application using the code below. I'm attempting to use an API, such as get_key(privkey), to pass this private key to another library called foo.
Would it then be feasible for me to use the privkey from this function to perform a sign operation from the foo library? Or is there a rule in the PKCS11 engine that requires the key to be loaded each time it is needed? Then, would my application and the foo library have to call the code below separately?
#include <stdio.h>
#include <openssl/engine.h>
#include <openssl/err.h>
#include <openssl/evp.h>

#define PKCS11_MODULE_PATH "/usr/lib/libckteec.so"
#define PRIV_URI "pkcs11:id=%12;type=private;pin-value=5432"

ENGINE *e = NULL;
EVP_PKEY *privkey = NULL;

e = ENGINE_by_id("pkcs11");
if (!e) {
    fprintf(stderr, "Error loading dynamic engine\n");
    ERR_print_errors_fp(stderr);
    return -1;
}
// Set the PKCS#11 module path
if (!ENGINE_ctrl_cmd_string(e, "MODULE_PATH", PKCS11_MODULE_PATH, 0)) {
    fprintf(stderr, "Error setting PKCS#11 module path\n");
    ERR_print_errors_fp(stderr);
    ENGINE_free(e);
    return -1;
}
// Initialize the engine (takes a functional reference; paired with ENGINE_finish())
if (!ENGINE_init(e)) {
    fprintf(stderr, "Error initializing the engine\n");
    ERR_print_errors_fp(stderr);
    ENGINE_free(e);
    return -1;
}
privkey = ENGINE_load_private_key(e, PRIV_URI, NULL, NULL);
if (!privkey) {
    fprintf(stderr, "Error loading private key\n");
    ERR_print_errors_fp(stderr);
    ENGINE_finish(e);
    ENGINE_free(e);
    return -1;
}
// Releases only the structural reference from ENGINE_by_id(); the functional
// reference taken by ENGINE_init() remains until ENGINE_finish() is called
ENGINE_free(e);
op-tee@lists.trustedfirmware.org