About this document

Edit online

openCryptoki is an open source implementation of the Cryptoki API defined by the PKCS #11 Cryptographic Token Interface Standard.

This documentation is intended for the following audience:

openCryptoki administrators manage the so called tokens that are plugged into the openCryptoki framework. They are responsible for adding these tokens to the slots of openCryptoki and, if applicable, for configuring these tokens. They also use either openCryptoki common tools or token-specific tools for administrating the configured tokens.

Application programmers write PKCS #11 programs that exploit the cryptographic services provided by a configured openCryptoki token. The services of such a token either exploit IBM Z® cryptographic hardware or they are also backed by software tokens (Soft token).

This documentation is divided into the following parts:

  • Common features of openCryptoki describes the openCryptoki architecture and informs about configuration actions that must be performed for all applications that want to exploit these openCryptoki features. Most of the provided information is of interest for both, openCryptoki administrators and application programmers.
  • Common tools of openCryptoki documents management and key migration tools that are helpful for openCryptoki administrators to enable openCryptoki exploitation through programs.
  • Token specifications presents to application programmers the documentation of the token-specific mechanisms and information about the contents of a token directory. If a token needs additional token-specific configuration, before it can be accessed by a cryptographic application, openCryptoki administrators find the required information here.
  • IBM-specific mechanisms and features for openCryptoki documents numerous data definitions and features, for example, mechanisms, functions, and attributes contributed by IBM to the openCryptoki framework. You find information whether the described features are available across multiple token-types or for certain tokens only.
  • Programming basics and user scenarios documents the basic structure of openCryptoki applications and presents a simple, but complete code sample for an RSA key pair generation. This part also provides a user scenario showing how to set up a Soft token on a server for use from an application on a remote client.