To verify the current system-wide configuration, enter the following command:. See -M for a list of mechanisms supported by your token. The first part of the slot description is from the operating system. If the softtoken slot of the openCryptoki software is installed, you see the Sun Crypto Accelerator SCA slot first followed by the softtoken slot as follows:. Because this behavior is not acceptable, public token objects are not allowed. This can be observed in the PKCS #11 log file. When the Keystore slot is used, a crypto job may be sent to either board based on the board state.
If the job fails over to a software slot, such as Sun Softtoken, the key could be revealed on the host memory. The Sun Metaslot also supports failover.
Building PKCS#11 Applications for Use With the Sun Crypto Accelerator Board
See Appendix B for details on openCryptoki software. Some examples to build applications using this PKCS #11 library are provided in example code.
Thus, the board can be administered using the system commands. Enter the following command to use the board keystore.
Pkcs11Admin – GUI tool for administration of PKCS#11 enabled devices
Note – This configuration applies to the sensitive token keys only. By doing so, the keys securely stored on the board might be revealed on the host memory. In PKCS #11, public token objects are token objects that are visible and deletable without authentication. This option is most useful when used with either --login or --pin. These slots are useful for diagnosis because they are directly associated with a board.
Logs can also be redirected to another file in the filesystem specified in the configuration file described above. The Keystore slot has the advantage of hardware redundancy and load balancing when there is more than one board on the system with the same keystore.
To access the Sun Crypto Accelerator keystore through Sun Metaslot, you must use one of the following configurations.
To protect the secure keys, enter the following command:. The Hardware slot is bound to and dedicated to a hardware device. There should be three hardware slots per board.
However, SmartKey allows access to several applications simultaneously while guaranteeing strong cryptographic separation of key spaces. These slots are directly accessible when the device is uninitialized or when it is in diagnostic mode. Also, if one board is not available due to a hardware failure, the job is sent to the other board. The Sun Metaslot uses all of the cryptographic engines on the system, including the board; thus, it provides the maximum functionality.
The Sun Crypto Accelerator software defines the default values for some attributes as listed in the following table. This option is not needed if a PIN is provided on the command line.
The Sun Metaslot uses the board for the mechanisms it supports, and it uses other slots, including the Oracle Solaris software implementation, for the mechanisms not supported by the board.
The Keystore slot description and the token label for the board are made up of the keystore name padded with spaces. SmartKey PKCS #11 library implements this by mapping the application credential to the user PIN, and by having a single slot numbered 0 with a token numbered 1 already initialized.
When the auto key migration is disabled, sensitive token keys are not automatically migrated to other slots. Options: --login, -l: Authenticate to the token before performing other operations.
pkcs11-tool(1) – Linux man page
Once set, the user PIN can be changed using --change-pin.
All the function calls made into the PKCS #11 library are logged in the log file along with the return value for these calls.
Token objects must all fit in RAM on the board, and the driver limits the size of the keystore to 16 Mbytes. If provided, the client certificate and key are used to authenticate to the server.