openCryptoki - A PKCS#11 implementation.
is an implementation of the PKCS#11 API standard. It
provides an interface to the functions of underlying cryptographic tokens,
which may be implemented via software or hardware. The PKCS#11 specification
has been released by RSA Labs. More information on PKCS#11 can be found on the
RSA labs website: http://www.rsa.com/rsalabs.
To use openCryptoki, run the pkcsslotd
daemon. The daemon will read the
file to collect information about the tokens and
Use the pkcsconf
utility to further configure openCryptoki once the
daemon is running.
All non-root users that require access to PKCS#11 tokens using openCryptoki must
be assigned to the pkcs11
group to be able to communicate with the
daemon. Only fully trusted users should be granted membership
in the group. Group members can block other openCryptoki users from accessing
PKCS#11 tokens, and execute arbitrary code with the privileges of other