Download OpenPACE

You can download the latest release of OpenPACE on Github. Older releases are still available on Sourceforge.

If you plan to make contribution, you can clone our git repository to later make a pull request on Github:

git clone

Alternatively, the current developement version is available as zip file or as precompiled Windows 32 bit binaries and 64 bit binaries.

Compiling and Installing OpenPACE

Setting up a development environment using Vagrant

The easiest way to setup a development or test environment is to use Vagrant 4 with VirtualBox 5. OpenPACE comes with a Vagrantfile which lets you setup a working environment with just one command. To create a Ubuntu based virtual machine, install all dependencies and compile OpenPACE, run the following command in the OpenPACE directory:

vagrant up

You then need to vagrant ssh in order to access the VM. The openpace folder is shared between the host and the VM so any changes you make on the host are immediately visible in the VM and vice versa.

Compiling on Linux, Unix and similar

OpenPACE uses the GNU Build System to compile and install. If you are unfamiliar with it, please have a look at INSTALL. If you can not find it, you are probably working bleeding edge in the repository. Run the following command in openpace to get the missing standard auxiliary files:

autoreconf --verbose --install

To configure (./configure --help lists possible options), build and install OpenPACE now do the following:

make install

OpenPACE depends on the OpenSSL 2 library. Since PACE uses CMAC and the Brainpool curves, OpenSSL is required with version 1.0.2 or later.

Furthermore, additional object identifiers from BSI TR-03110 1 are required. You have two options to get them to work:

  1. Let OpenPACE load the object identifiers at runtime

  2. Patch OpenSSL to include the identifiers

The first option allows you to install an unchanged version of OpenSSL to your system. However, performance will be slightly worse and there are some limitations. For example, you won’t be able to use the new NIDs as labels in a switch statement and you need to make sure to call EAC_init() first. For patching OpenSSL we provide bsi_objects.txt. You can configure OpenPACE with --enable-openssl-install, which will automatically download, patch, build and install OpenSSL if needed.

The language bindings for Python, Java, … are currently disabled by default. You need to explicitely configure OpenPACE to install them by using --enable-python, --enable-java, … This requires SWIG to be installed along with the language’s toolchain to build the bindings.

Compiling for Windows

Compiling with Visual Studio

A quick and dirty way without wasting too much time on setting up the development environment would be to compile the library by hand in the Visual Studio Tools ‣ Developer Command Prompt with installed OpenSSL Windows binaries 6:

  - cd src
  - cl /I%OPENSSL_DIR%\include /I. /DX509DIR=\"/\" /DCVCDIR=\"/\" %CL_OPTIONS% %OPENSSL_1_1_0_FLAGS% /c ca_lib.c cv_cert.c cvc_lookup.c x509_lookup.c eac_asn1.c eac.c eac_ca.c eac_dh.c eac_ecdh.c eac_kdf.c eac_lib.c eac_print.c eac_util.c misc.c pace.c pace_lib.c pace_mappings.c ri.c ri_lib.c ta.c ta_lib.c objects.c ssl_compat.c
  - lib /out:libeacMT.lib ws2_32.lib ca_lib.obj cv_cert.obj cvc_lookup.obj x509_lookup.obj eac_asn1.obj eac.obj eac_ca.obj eac_dh.obj eac_ecdh.obj eac_kdf.obj eac_lib.obj eac_print.obj eac_util.obj misc.obj pace.obj pace_lib.obj pace_mappings.obj ri.obj ri_lib.obj ta.obj ta_lib.obj objects.obj ssl_compat.obj
  - cl /I%OPENSSL_DIR%\include /I. libeacMT.lib %OPENSSL_DIR%\lib\VC\static\%LIBCRYPTO% user32.lib advapi32.lib crypt32.lib gdi32.lib %CL_OPTIONS% %OPENSSL_1_1_0_FLAGS% eactest.c vc.c ssl_compat.c
  # The following has already been performed by make (see above)
  # gengetopt.exe --include-getopt --file-name=cvc-print-cmdline --input=cvc-print.ggo
  - cl /I%OPENSSL_DIR%\include /I. libeacMT.lib %OPENSSL_DIR%\lib\VC\static\%LIBCRYPTO% user32.lib advapi32.lib crypt32.lib gdi32.lib %CL_OPTIONS% %OPENSSL_1_1_0_FLAGS% cvc-print.c read_file.c cvc-print-cmdline.c vc.c
  # The following has already been performed by make (see above)
  # gengetopt.exe --include-getopt --file-name=cvc-create-cmdline --input= cvc-create.ggo
  - cl /I%OPENSSL_DIR%\include /I. libeacMT.lib %OPENSSL_DIR%\lib\VC\static\%LIBCRYPTO% user32.lib advapi32.lib crypt32.lib gdi32.lib %CL_OPTIONS% %OPENSSL_1_1_0_FLAGS% cvc-create.c read_file.c cvc-create-cmdline.c vc.c
  - cd ..

The setup of the environment variables can be found in our Windows CI script which includes all steps of this procedure.

Compiling the Python Bindings

Again, without further ado, we compile the bindings with the Developer Command prompt with installed Python 3:

  - swig -python -outdir . -I.. eac.i
  - cl /I%OPENSSL_DIR%\include /I%PYTHON_INCLUDE% /I..\..\src %CL_OPTIONS% %OPENSSL_1_1_0_FLAGS% /c eac_wrap.c ..\..\src\ssl_compat.c ..\..\src\vc.c
  - link /out:_eac.pyd /dll eac_wrap.obj ssl_compat.obj vc.obj %PYTHON_LIB% ..\..\src\libeacMT.lib %OPENSSL_DIR%\lib\VC\static\%LIBCRYPTO% user32.lib advapi32.lib crypt32.lib gdi32.lib
  - cd ..\..

The setup of the environment variables can be found in our Windows CI script which includes all steps of this procedure.