Public Key Cryptography Standards #11 tools

Edit online

Two tools are available for managing cryptographic systems within the AIX operating system: the PKCS #11 Key Management tool, and the PKCS #11 Administration tool. You can access these tools by using either the Curses-based GUI or command line interface.

Note: Accessibility for the AIX cryptographic framework tools requires the use of the batch processing capabilities. For detailed information about using the batch processing capabilities for Accessibility, see Batch processing.

The PKCS #11 Key Management tool is the centralized tool for managing keys, certificates, and PKCS #11 data on the AIX operating system. The objects managed by this tool are stored either within supported PKCS #11 providers, such as the IBM® family of cryptographic adapters (for example, IBM 4758, 4960, and 4764), or the AIX Cryptographic Framework. You can perform various operations by using the PKCS #11 Key Management tool. These operations include creating a PKCS #10 Certificate Signing Request (CSR) or generating self-signed certificates. In addition, you can use this tool to search, view, delete, import, export, and backup PKCS #11 object data as well as transport PKCS #11 object data between PKCS #11 tokens. You can start the GUI version of the tool by running the p11km command. The tool loads all of the available PKCS #11 tokens. You can view details about these tokens by using the arrow keys to scroll up and down the list of tokens. To select a token, use the arrow keys to highlight the token and press the Enter key. You can start the command line version of the tool by running the following command:

p11km -b <batchfile>

The PKCS #11 Administration tool is the centralized tool for managing the AIX PKCS #11 Cryptographic Framework. This tool allows an administrator or security officer to manage the tokens controlled by the AIX Cryptographic Framework. You can use this tool to initialize, create, and destroy PKCS #11 tokens, manage slots, reset user passwords, confirm object deletions, specify object trust, and perform AIX Cryptographic Framework tuning for performance and general administration. You can start the GUI version of the tool by running the p11admin command. The tool loads all of the available PKCS #11 tokens. You can view details about these tokens by using the arrow keys to scroll up and down the list of tokens. To select a token, use the arrow keys to highlight the token and press the Enter key. You can start the command line version of the tool by running the following command:

p11admin -b <batchfile>