OpenSSL is everywhere - but when private keys must be protected by hardware, traditional file-based workflows break down. This is where PKCS#11 and Hardware Security Modules (HSMs) enter the picture.

This talk introduces PKCS#11 as the standard API for accessing cryptographic objects without exposing key material. We briefly cover what HSMs are, why they are used in production environments, and how they differ from software key stores. And finally we combine all pieces together showing how OpenSSL delegates cryptographic operations to HSMs via PKCS#11.