Soft token

Edit online

The Soft token is often used for test purposes before you let your application access one of the other available tokens in openCryptoki. View a list of PKCS #11 mechanisms supported by the Soft token.

As a prerequisite for an operational Soft token, the OpenSSL library called libcrypto must be installed (see Figure 3).

With OpenSSL 3.0 there is no way for a Soft token to obtain the intermediate digest state from a digest operation, which was possible with earlier versions of OpenSSL. This leads to the fact that for operations that involve digests, function C_GetOperationState() returns CKR_STATE_UNSAVEABLE when built against OpenSSL 3.0. This affects digest operations using C_DigestInit(), C_DigestUpdate(), and C_DigestFinal(), but also sign and verify operations with mechanisms involving digests. This is explicitly allowed by the PKCS #11 standard for function C_GetOperationState(): An attempt to save the cryptographic operations state of a session which is performing an appropriate cryptographic operation (or two), but which cannot be satisfied, for example, because certain necessary state or key information cannot leave the token, should fail with the error CKR_STATE_UNSAVEABLE.

Note: The Soft token directory must not be located in a directory that is either an NFS or a CIFS file system, but must be located in a file system that supports the flock() function which manages file locks.