Installing openCryptoki

The available tokens are part of the openCryptoki package. The package comes with manual pages (man pages) that describe the usage of the tools and the format of the configuration files. The openCryptoki package in turn is shipped with the Linux® on IBM® Z distributions. This package might be split into several packages by the distributions, thus allowing to install individual tokens separately.

Check whether you already installed openCryptoki in your current environment, for example:
$ rpm -qa | grep -i opencryptoki /* for RPM */ 
$ dpkg -l | grep -i opencryptoki /* for DEB */
Note: The command examples are distribution dependent. opencryptoki must in certain distributions be specified as openCryptoki (case-sensitive).

You should see all installed openCryptoki packages. If required packages are missing, use the installation tool of your Linux distribution to install the appropriate openCryptoki RPM or DEB.

Notes:
  • You can update an installed version of openCryptoki with a package of a newer version. Depending on the tokens to be used, further libraries need to be installed and cryptographic adapters must be enabled. If you had built openCryptoki from the source before, you must remove any previous installation of openCryptoki (make uninstall), before you can install a distribution package for a new openCryptoki version.
  • Some tokens need a token-specific library to be installed on the system as a prerequisite for usage. These are mentioned for each token in Part 4. Token specifications.

Installing from the RPM or DEB package

The openCryptoki packages are delivered by the distributors. Distributors build these packages as RPM or DEB packages for delivering them to customers.

Customers can install these openCryptoki packages by using the installation tool of their selected distribution.

  • If you received openCryptoki as an RPM package, follow the RPM installation process that is described in the RPM Package Manager man page.
  • If you received an openCryptoki DEB package, you can use the dpkg - package manager for Debian described in the dpkg man page.

The installation from either an RPM or DEB package is the preferred installation method.

Installing from the source package

As an alternative, for example for development purposes, you can get the latest version (inclusive latest patches) from the GitHub repository and build it yourself. But this version is not serviced. It is suitable for non-production systems and early feature testing, but you should not use it for production.

In this case, refer to the INSTALL file in the top level of the source tree. You can start from the instructions that are provided with the subtopics of this INSTALL file and select from the described alternatives. If you use this installation method parallel to the installation of a package from your distributor, then you should keep both installations isolated from each other.

  1. Download the latest version of the openCryptoki sources from:
    https://github.com/opencryptoki/opencryptoki/releases
  2. Decompress and extract the compressed tape archive (tar.gz - file). There is a new directory named like opencryptoki-3.xx.x.
  3. Change to that directory and issue the following scripts and commands:
    $ ./bootstrap.sh
    $ ./configure    
    $ make
    $ make install

    The scripts or commands perform the following functions:

    bootstrap
    Initial setup, basic configurations
    configure
    Check configurations and build the makefile. You can specify several options here to overwrite the defaults. For example, not all tokens are built as the default. To build the CCA token as an example, specify ./configure --enable_ccatok
    make
    Compile and link
    make install
    Install the libraries
Note: When installing openCryptoki from the source package, the location of some installed files will differ from the location of files installed from an RPM or DEB package.

Post-installation checks

After a successful installation, perform the following checks: