OPENCRYPTOKI(7) openCryptoki OPENCRYPTOKI(7)
NAME
openCryptoki - A PKCS#11 implementation.
DESCRIPTION
openCryptoki is an implementation of the PKCS#11 API standard. It
provides an interface to the functions of underlying cryptographic
tokens, which may be implemented via software or hardware. The PKCS#11
specification has been released by RSA Labs. More information on
PKCS#11 can be found on the RSA Labs website: http://www.rsa.com/rsalabs.
To use openCryptoki, first run pkcs11_startup to initialize the
contents of the pk_config_data file. Then run the pkcsslotd daemon. At
this point, openCryptoki is ready to start receiving PKCS#11 requests
from user applications. If openCryptoki is included by your distro, it's
likely that pkcs11_startup is run automatically by an init script.
Use the pkcsconf utility to further configure openCryptoki once the
daemon is running.
SECURITY NOTE
All non-root users that require access to PKCS#11 tokens using
openCryptoki must be assigned to the pkcs11 group to be able to
communicate with the pkcsslotd daemon. Only fully trusted users should
be granted membership in the group. Group members can block other
openCryptoki users from accessing PKCS#11 tokens, and execute arbitrary
code with the privileges of other openCryptoki users.
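
Because membership in the pkcs11 group carries that much trust, it is worth reviewing regularly. The script below is an added example, not part of openCryptoki: it lists every effective member of the group, including accounts that have pkcs11 as their primary group and therefore do not appear in the group file's member list. The function names, the allow-list and the sample accounts are constructed for illustration.

```sh
#!/bin/sh
# Added example (not part of openCryptoki): audit who is in the pkcs11 group.

# pkcs11_members [GROUP_FILE] [PASSWD_FILE]
# Prints every effective member, one per line, sorted and de-duplicated.
pkcs11_members() {
    awk -F: -v grp=pkcs11 '
        # Pass 1, group(5) file: remember the GID, print supplementary members.
        pass == 1 && $1 == grp {
            gid = $3
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }
        # Pass 2, passwd(5) file: an account whose primary GID is pkcs11 is a
        # member even though the group file does not list it.
        pass == 2 && gid != "" && $4 == gid { print $1 }
    ' pass=1 "${1:-/etc/group}" pass=2 "${2:-/etc/passwd}" | sort -u
}

# pkcs11_unexpected "ALLOWED USERS" [GROUP_FILE] [PASSWD_FILE]
# Prints members that are not on the space-separated allow-list and
# returns 1 if there are any, 0 otherwise.
pkcs11_unexpected() {
    allowed=" $1 "
    found=0
    for u in $(pkcs11_members "$2" "$3"); do
        case "$allowed" in
            *" $u "*) ;;
            *) echo "$u"; found=1 ;;
        esac
    done
    return "$found"
}

# pkcs11_demo: run the audit over constructed sample data (not real accounts).
pkcs11_demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'root:x:0:' 'pkcs11:x:115:alice,bob' 'users:x:100:carol' > "$d/group"
    printf '%s\n' 'alice:x:1000:100::/home/alice:/bin/sh' \
                  'bob:x:1001:100::/home/bob:/bin/sh' \
                  'hsmsvc:x:998:115::/var/lib/hsmsvc:/usr/sbin/nologin' > "$d/passwd"
    rc=0
    pkcs11_unexpected "alice hsmsvc" "$d/group" "$d/passwd" || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

The functions read local group and passwd files only; where accounts come from a directory service, save the output of `getent group` and `getent passwd` to files and pass those instead.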
SEE ALSO
pkcsslotd(8),
pkcsconf(1),
pk_config_data(5),
pkcs11_startup(1).
2.4.3.1 May 2007 OPENCRYPTOKI(7)