[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: p11tool token management
From: |
Nikos Mavrogiannopoulos |
Subject: |
Re: p11tool token management |
Date: |
Wed, 3 Oct 2012 14:23:15 +0200 |
On Tue, Oct 2, 2012 at 11:59 AM, slobozian daniel <address@hidden> wrote:
> Hello,
>
> I'm trying to use p11tool for a server application. I need it to stock
> server's private key and to communicate with the server application that
> uses gnutls API. I don’t have a hardware smart card. Therefore I want to
> use a software p11.
Which one? There are several software PKCS #11 tokens. Which one do you use?
> I supposed that p11tool allows me to do that because the
> command --list-tokens shows me 5 existing tokens (My machine is on ubuntu
> 12.04).
You can check which software modules you have by checking
/etc/pkcs11/modules. Those are the ones that are loaded by p11-kit.
> But there is no option to create a token, only to initialize.
You cannot create tokens using PKCS #11. PKCS #11 is a smart card API,
and it is not easy to create smart cards from software :)
> My first question is if it is possible to stock a private key and a
> certificate with p11tool without a hardware device. If so do I have to
> install any other software in order to create a software token? If, on the
You'll have to install a software token. I cannot recommend any
because I don't know them, but check for soft-hsm or so.
regards,
Nikos