# `NervesKey.PKCS11`
[🔗](https://github.com/nerves-hub/nerves_key_pkcs11/blob/v1.3.0/lib/nerves_key_pkcs11.ex#L6)

This module contains helper methods for loading and using the PKCS #11
module for NervesKey in Elixir. You don't need to use these methods to
use the shared library.

# `certificate_pair`

```elixir
@type certificate_pair() :: :primary | :aux
```

The device/signer certificate pair to use

# `i2c_bus`

```elixir
@type i2c_bus() :: 0..31
```

I2C bus

# `option`

```elixir
@type option() ::
  {:i2c, i2c_bus()}
  | {:certificate, certificate_pair()}
  | {:type, :nerves_key | :trust_and_go}
```

Option for which NervesKey and certificate to use.

* `:i2c` - which I2C bus
* `:certificate` - which NervesKey certificate to use (`:primary` or `:aux`)
* `:type` - if using pre-provisioned ATECC608B Trust and Go parts, specify `:trust_and_go`

# `load_engine`

```elixir
@spec load_engine() :: {:ok, :crypto.engine_ref()} | {:error, any()}
```

Load the OpenSSL engine

# `private_key`

```elixir
@spec private_key(:crypto.engine_ref(), [option()] | {:i2c, i2c_bus()}) :: map()
```

Return the key map for passing a private key to ssl_opts.

This method creates the key map that the `:crypto` library can
use to properly route private key operations to the PKCS #11
shared library.

Options:

* `:i2c` - which I2C bus (defaults to I2C bus 0 (`/dev/i2c-0`))
* `:type` - :nerves_key or :trust_and_go (defaults to :nerves_key)
* `:certificate` - which certificate on the NervesKey to use (defaults to `:primary`)

Passing `{:i2c, 1}` is still supported, but should be updated to use keyword
list form for the options.

---

*Consult [api-reference.md](api-reference.md) for complete listing*