openssl-ibmca for Debian
-----------------------

In order to enable IBMCA, use the following instructions to apply the
configurations from `openssl.cnf.sample` to the `openssl.cnf` file installed
in the host by the OpenSSL package. **WARNING:** you may want to save the
original `openssl.cnf` file before changing it.

In `openssl.cnf.sample`, the *dynamic_path* variable is set to the default
location in Debian, which is
/usr/lib/s390x-linux-gnu/openssl-1.0.2/engine/libibmca.so

Append the `openssl.cnf.sample` file to it `/etc/ssl/openssl.cnf` file;

```
$ cat /usr/share/doc/openssl-ibmca/examples/openssl.cnf.sample >> /etc/ssl/openssl.cnf
```

In `openssl.cnf` file, move the *openssl_conf* variable from the bottom to the
top of the file, such as in the example below:

```
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_def
```

Finally, check if the IBMCA is now enabled. The command below should return the
IBMCA engine and all the supported cryptographic methods.

```
$ openssl engine -c
(dynamic) Dynamic engine loading support
(ibmca) Ibmca hardware engine support
[RAND, DES-ECB, DES-CBC, DES-OFB, DES-CFB, DES-EDE3, DES-EDE3-CBC, DES-EDE3-OFB,
 DES-EDE3-CFB, AES-128-ECB, AES-192-ECB, AES-256-ECB, AES-128-CBC, AES-192-CBC,
 AES-256-CBC, AES-128-OFB, AES-192-OFB, AES-256-OFB, AES-128-CFB, AES-192-CFB,
 AES-256-CFB, id-aes128-GCM, id-aes192-GCM, id-aes256-GCM, SHA1, SHA256, SHA512]
$
```

 -- Paulo Vital <pvital@gmail.com>  Wed, 20 Sep 2017 10:47:45 -0300