Fastpath to openCryptoki

Read this section for an overview of the steps and a fastpath to the most important actions required for preparing openCryptoki to be used by an application. Each step contains a reference to a detailed description, in most cases within this document, otherwise in external documentation.

  1. Install openCryptoki and observe the post-installation checks: see Installing openCryptoki and Post-installation checks.
  2. Start the pkcsslotd slot manager – unless this step is done by the installation: see Starting the slot manager.
  3. If you want to use CCA or EP11 tokens, you may want to adjust their respective configuration files: see Defining a CCA token configuration file and Defining an EP11 token configuration file.
  4. Before you use a CCA or EP11 token, you must install the CCA or EP11 host package and set the CCA master keys or the EP11 wrapping key in the corresponding domains of the Crypto Express adapter: see Secure Key Solution with the Common Cryptographic Architecture Application Programmer's Guide or Exploiting Enterprise PKCS #11 using openCryptoki.
  5. Prepare the token you want to use by performing the following sub-steps:
    1. Initialize the token.
    2. Change the SO PIN of the token (required in order to change the default SO PIN applied by openCryptoki during token initialization).
    3. Set the User PIN of the token.

    You can perform all of these sub-steps using the pkcsconf utility: see Managing tokens - pkcsconf utility.

  6. Add the user(s) of processes that use openCryptoki to the pkcs11 group: see Access control and groups.
  7. Optional: Apply global policies to restrict the usage of unwanted mechanisms and keys: see Supporting cryptographic policies for openCryptoki.

Steps 1 through 6 are the minimal steps needed to prepare openCryptoki for using the most basic functions. The purpose of this publication is to provide you with all background information to understand how openCryptoki works and to document all options available with openCryptoki.
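
To verify that the sub-steps of step 5 were really completed, in particular that the default SO PIN is no longer in place, the token flags can be decoded. The following script is an added example, not part of openCryptoki or of this publication. It uses the standard PKCS #11 token flag bits and assumes that the token information printed by `pkcsconf -t` contains a `Flags: 0x...` line and that the token sets the "to be changed" flags. The function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which sub-steps of step 5 are still open for a token.
# Flag values are the standard PKCS #11 CK_TOKEN_INFO flag bits.
CKF_USER_PIN_INITIALIZED=0x8
CKF_TOKEN_INITIALIZED=0x400
CKF_USER_PIN_TO_BE_CHANGED=0x80000
CKF_SO_PIN_TO_BE_CHANGED=0x800000

# extract_flags: read token information on stdin, print the first hex flags
# value. Assumption: the text contains a line of the form "Flags: 0x...".
extract_flags() {
    sed -n 's/^[[:space:]]*Flags:[[:space:]]*\(0[xX][0-9A-Fa-f]*\).*/\1/p' | head -n 1
}

# pending_steps FLAGS: print the open sub-steps (5.1 initialize token,
# 5.2 change SO PIN, 5.3 set User PIN), or "none" if all are done.
pending_steps() {
    flags=$1
    # An uninitialized token needs all three sub-steps, because
    # initialization applies the default SO PIN again.
    if [ $(( $flags & $CKF_TOKEN_INITIALIZED )) -eq 0 ]; then
        echo "5.1 5.2 5.3"
        return 0
    fi
    out=""
    if [ $(( $flags & $CKF_SO_PIN_TO_BE_CHANGED )) -ne 0 ]; then
        out="5.2"
    fi
    # The User PIN is not usable if it was never set or must be changed.
    if [ $(( $flags & $CKF_USER_PIN_INITIALIZED )) -eq 0 ] ||
       [ $(( $flags & $CKF_USER_PIN_TO_BE_CHANGED )) -ne 0 ]; then
        out="${out:+$out }5.3"
    fi
    echo "${out:-none}"
}

# Constructed sample input (not real output): an initialized token whose
# SO PIN and User PIN still have to be changed.
SAMPLE='Token #1 Info:
	Label: constructed-sample
	Flags: 0x880445 (constructed)'
f=$(printf '%s\n' "$SAMPLE" | extract_flags)
echo "flags=$f open sub-steps: $(pending_steps "$f")"
# On a live system, feed real token information instead of the sample:
#   pkcsconf -t | extract_flags
```
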