openCryptoki is a PKCS#11 implementation for Linux. It includes drivers and libraries to enable IBM cryptographic hardware as well as a software token for testing.

dodys/opencryptoki

openCryptoki

Package version 3.10.0

Please see ChangeLog for release specific information.

OVERVIEW

openCryptoki version 3.10.0 implements the PKCS#11 specification version 2.20.

This package includes several cryptographic tokens: CCA, ICA, TPM, SWToken, ICSF and EP11.

For a more in-depth overview of openCryptoki, please refer to the HOWTO.

REQUIREMENTS:

  • IBM ICA - requires libica library version 2.3.0 or higher for accessing ICA hardware crypto on IBM zSeries.

  • IBM CCA - requires IBM XCrypto CEX3C card (or higher) and the CEX3C host libraries and tools version 4.1 (or higher).

  • TPM - requires a TPM, TPM tools, and TCG software stack.

  • SWToken - The software token uses OpenSSL version 0.9.7 or higher.

  • ICSF - The Integrated Cryptographic Service Facility (ICSF) token requires openldap and openldap client software version 2.4.23 or higher. Lex and Yacc are also required to build this token.

  • EP11 - The EP11 token is a token that uses the IBM Crypto Express adapters (starting with Crypto Express 4S adapters) configured with Enterprise PKCS#11 (EP11) firmware.

BUILD PROCESS

The simplest way to compile this package is to enter the source code main directory and do the following:

  1. Run the bootstrap.sh script by typing:
    $ ./bootstrap.sh
  2. Configure the source code by typing:
    $ ./configure

If you're planning to install the package into your home directory or to a location other than /usr/local, add the flag --prefix=PATH to configure. For example, if your home directory is /home/luser, you can configure the package to install itself there by invoking:

    $ ./configure --prefix=/home/luser

If your stdll headers and libraries are not under any standard path, you will need to pass the paths to your files to the configure script. For instance:

    $ CPPFLAGS="-I/path/include" LDFLAGS="-L/path/lib" ./configure

See ./configure --help for info on various options. The default behavior is to build a default token implicitly. For the s390 platform, the default token is ICA. For other platforms, the default token is the software token. Other tokens may be enabled using the corresponding --enable-<tok> configuration option, provided the appropriate libraries are available.

While running, configure prints messages telling which features it is checking for.

  3. Compile the package by typing:
    $ make
  4. By default, openCryptoki is usable by anyone who is in the group pkcs11. Add the pkcs11 group before installing it, by typing as root the command:
    # groupadd pkcs11

In addition, add the necessary user to the pkcs11 group (root doesn't need to be in the pkcs11 group):

    # usermod -aG pkcs11 <user>

The -a option appends pkcs11 to the user's supplementary groups; -G on its own replaces the existing list.
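Because membership in pkcs11 is what grants use of the tokens, it is worth checking who actually holds it. The script below is an added example, not part of the openCryptoki README or code base; the function names, account names and GIDs are hypothetical, and the sample group and passwd data are constructed.

```sh
#!/bin/sh
# Added example: who can reach openCryptoki tokens through the pkcs11 group?
# Inputs are files in group(5) and passwd(5) format.

# pkcs11_members GROUP_FILE PASSWD_FILE: one account per line, sorted, unique.
pkcs11_members() {
    gid=$(awk -F: '$1 == "pkcs11" { print $3 }' "$1")
    if [ -z "$gid" ]; then
        echo "pkcs11 group not found in $1" >&2
        return 2
    fi
    {
        # Supplementary members: comma-separated 4th field of the group entry.
        awk -F: '$1 == "pkcs11" { n = split($4, m, ",")
                 for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }' "$1"
        # Accounts whose primary GID is pkcs11 are not listed in that field.
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$2"
    } | sort -u
}

# unexpected_members GROUP_FILE PASSWD_FILE ALLOWED...: members not in ALLOWED.
unexpected_members() {
    group_file=$1; passwd_file=$2; shift 2
    pkcs11_members "$group_file" "$passwd_file" | while read -r user; do
        ok=no
        for allowed in "$@"; do
            if [ "$user" = "$allowed" ]; then ok=yes; fi
        done
        if [ "$ok" = no ]; then echo "$user"; fi
    done
}

# Constructed sample data (hypothetical accounts and GIDs, not a real system).
demo=$(mktemp -d)
cat > "$demo/group" <<'EOF'
wheel:x:10:alice
pkcs11:x:985:alice,hsmsvc
EOF
cat > "$demo/passwd" <<'EOF'
alice:x:1000:1000::/home/alice:/bin/sh
hsmsvc:x:990:990::/var/empty:/sbin/nologin
tokend:x:991:985::/var/empty:/sbin/nologin
EOF

echo "pkcs11 members:";       pkcs11_members "$demo/group" "$demo/passwd"
echo "not on the allowlist:"; unexpected_members "$demo/group" "$demo/passwd" alice hsmsvc
```

On a real host, pass /etc/group and /etc/passwd; where accounts come from a directory service, save the output of getent group and getent passwd to files and pass those instead.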
  5. Type make install (as root) to install the programs and any data files and documentation. During installation, the following files go to the following directories:
    /prefix/sbin/pkcsconf
    /prefix/sbin/pkcsslotd
    /prefix/sbin/pkcsicsf
    /prefix/libdir/libopencryptoki.so
    /prefix/libdir/libopencryptoki.so.0
    /prefix/libdir/opencryptoki/libopencryptoki.so
    /prefix/libdir/opencry