opencryptoki(7) [centos man page]

OPENCRYPTOKI(7) 						   openCryptoki 						   OPENCRYPTOKI(7)

NAME

       openCryptoki - A PKCS#11 implementation.

DESCRIPTION

       openCryptoki  is  an  implementation  of  the  PKCS#11  API standard. It provides an interface to the functions of underlying cryptographic
       tokens, which may be implemented via software or hardware. The PKCS#11 specification has been released by RSA  Labs.  More  information	on
       PKCS#11 can be found on the RSA labs website: http://www.rsa.com/rsalabs.

       To  use openCryptoki, run the pkcsslotd daemon. The daemon will read the opencryptoki.conf file to collect information about the tokens and
       their slots.

       Use the pkcsconf utility to further configure openCryptoki once the daemon is running.

SECURITY NOTE

       All non-root users that require access to PKCS#11 tokens using openCryptoki must be assigned to the pkcs11 group to be able to  communicate
       with  the  pkcsslotd daemon. Only fully trusted users should be granted membership in the group. Group members can block other openCryptoki
       users from accessing PKCS#11 tokens, and execute arbitrary code with the privileges of other openCryptoki users.

SEE ALSO

       pkcsslotd(8),
       pkcsconf(1),
       opencryptoki.conf(5).

3.0								     May 2007							   OPENCRYPTOKI(7)

PKCSICSF(1)							   openCryptoki 						       PKCSICSF(1)

NAME

       pkcsicsf - configuration utility for the ICSF token

SYNOPSIS

       pkcsicsf [-h] [-l|-a token name] [-b BINDDN] [-c client-cert-file] [-C CA-cert-file] [-k privatekey] [-m mechanism] [-u URI]

DESCRIPTION

       The pkcsicsf utility lists available ICSF tokens and allows user to add one specific ICSF token to opencryptoki.

       The ICSF token must be added first to opencryptoki. This creates an entry in the opencryptoki.conf file for the ICSF token. It also creates
	a  token_name.conf  configuration  file  in  the same directory as the opencryptoki.conf file, containing ICSF specific information.  This
       information is read by the ICSF token.

       The ICSF token must bind and authenticate to an LDAP server.  The supported authentication mechanisms are simple and sasl.   One  of  these
       mechanisms must be entered when listing the available ICSF tokens or when adding an ICSF token. Opencryptoki currently supports adding only
       one ICSF token.

       The system admin can either allow the ldap calls to utilize exisiting ldap configs, such as ldap.conf or .ldaprc for bind  and  authentica-
       tion information or set the bind and authentication information within opencryptoki by using this utility and its options.  The information
       will then be placed in the token_name.conf file to be used in the ldap calls. When using simple authentication, the user will  be  prompted
       for the racf password when listing or adding a token.

OPTIONS

       -a token name
		 add the specified ICSF token to opencryptoki.

       -b BINDND the distinguish name to bind when using simple authentication

       -c client-cert-file
		 the client certificate file when using SASL authentication

       -C CA-cert-file
		 the CA certificate file when using SASL authentication

       -h	 show usage information

       -k privatekey
		 the client private key file when using SASL authentication

       -m mechanism
		 the authentication mechanism to use when binding to the LDAP server (this should be either simple or sasl)

       -l	 list available ICSF tokens

       -h	 show usage information

FILES

       /etc/opencryptoki/opencryptoki.conf
	      the opencryptoki config file containing token configuration information

       /etc/opencryptoki/token_name.conf
	      contains ICSF configuration information for the ICSF token

SEE ALSO

       opencryptoki(7),
       pkcsslotd(8).
       pkcsconf(8).

3.0								    April 2013							       PKCSICSF(1)