softhsm.conf(5) [debian man page]
softhsm.conf(5) File Formats Manual softhsm.conf(5) NAME
softhsm.conf - SoftHSM configuration file SYNOPSIS
softhsm.conf DESCRIPTION
In PKCS#11 you need tokens in order to do cryptographic operations. Tokens can be viewed as object stores where you can store e.g. private and public keys. A token must then be attached to a slot so that you can use it. Slots and tokens are handled by the SoftHSM configuration file. The given paths in the configuration file are just an indication to SoftHSM on where it should store the information for each token. The token databases will be created when the tokens gets initialized. FILE FORMAT
Each pair of slot and token are configured on one line. Starting with an unsigned integer as the slot ID and then a path where SoftHSM can create a SQLite database. These parameters are separated by a semicolon. It is OK to have extra space between the parameters, since these will be ignored. <Slot_ID>:<Path_to_the_token_database> It is also possible to add comments in the file by using the hash sign. Anything after the hash sign will be ignored. #<text> Any line that does not have the correct format will be ignored. EXAMPLE
0:/var/softhsm/slot0.db 1:/home/user/token.database # My own token ENVIRONMENT
SOFTHSM_CONF When defined, the value will be used as path to the configuration file. FILES
/etc/softhsm/softhsm.conf default location of the SoftHSM configuration file /etc/softhsm/softhsm.conf.sample an example of a SoftHSM configuration file AUTHOR
Written by Rickard Bellgrim. SEE ALSO
softhsm(1), softhsm-keyconv(1). SoftHSM 21 December 2009 softhsm.conf(5)
Check Out this Related Man Page
PKCSICSF(1) openCryptoki PKCSICSF(1) NAME
pkcsicsf - configuration utility for the ICSF token SYNOPSIS
pkcsicsf [-h] [-l|-a token name] [-b BINDDN] [-c client-cert-file] [-C CA-cert-file] [-k privatekey] [-m mechanism] [-u URI] DESCRIPTION
The pkcsicsf utility lists available ICSF tokens and allows user to add one specific ICSF token to opencryptoki. The ICSF token must be added first to opencryptoki. This creates an entry in the opencryptoki.conf file for the ICSF token. It also creates a token_name.conf configuration file in the same directory as the opencryptoki.conf file, containing ICSF specific information. This information is read by the ICSF token. The ICSF token must bind and authenticate to an LDAP server. The supported authentication mechanisms are simple and sasl. One of these mechanisms must be entered when listing the available ICSF tokens or when adding an ICSF token. Opencryptoki currently supports adding only one ICSF token. The system admin can either allow the ldap calls to utilize exisiting ldap configs, such as ldap.conf or .ldaprc for bind and authentica- tion information or set the bind and authentication information within opencryptoki by using this utility and its options. The information will then be placed in the token_name.conf file to be used in the ldap calls. When using simple authentication, the user will be prompted for the racf password when listing or adding a token. OPTIONS
-a token name add the specified ICSF token to opencryptoki. -b BINDND the distinguish name to bind when using simple authentication -c client-cert-file the client certificate file when using SASL authentication -C CA-cert-file the CA certificate file when using SASL authentication -h show usage information -k privatekey the client private key file when using SASL authentication -m mechanism the authentication mechanism to use when binding to the LDAP server (this should be either simple or sasl) -l list available ICSF tokens -h show usage information FILES
/etc/opencryptoki/opencryptoki.conf the opencryptoki config file containing token configuration information /etc/opencryptoki/token_name.conf contains ICSF configuration information for the ICSF token SEE ALSO
opencryptoki(7), pkcsslotd(8). pkcsconf(8). 3.0 April 2013 PKCSICSF(1)