Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

Tree [8ab376] cleanup /
History



File Date Author Commit
doc 2006-03-10 mhalcrow mhalcrow [e0ce82] pkcs11_startup man page
misc 2006-01-12 mhalcrow mhalcrow [48ad8b] Flesh out the migration script
rpm 2006-01-26 mhalcrow mhalcrow [2833c1] Bring SPEC file into line with what is in SLES ...
testcases 2006-04-05 danielhjones danielhjones [6a103f] Compiler warning cleanups
usr 2006-04-05 danielhjones danielhjones [8ab376] Removed commented out pid_t def
AUTHORS 2005-01-18 kyoder kyoder [13dfa9] Initial code drop
COPYING 2005-01-14 mhalcrow mhalcrow [24e6ff] Initial revision
COPYRIGHTS 2005-01-18 kyoder kyoder [13dfa9] Initial code drop
ChangeLog 2005-01-18 kyoder kyoder [13dfa9] Initial code drop
FAQ 2005-01-18 kyoder kyoder [13dfa9] Initial code drop
INSTALL 2005-08-23 mhalcrow mhalcrow [54fd97] Correct build instructions.
LICENSE 2005-01-18 kyoder kyoder [13dfa9] Initial code drop
Makefile.am 2005-01-18 kyoder kyoder [13dfa9] Initial code drop
NEWS 2005-01-18 kyoder kyoder [13dfa9] Initial code drop
README 2006-02-10 mhalcrow mhalcrow [4595e8] Make the library patch variable (it could be li...
TODO 2005-01-18 kyoder kyoder [13dfa9] Initial code drop
bootstrap.sh 2005-08-15 mhalcrow mhalcrow [c66603] Backport various bugfixes
configure.in 2006-04-05 danielhjones danielhjones [cc91c9] Modified for 64 bit commands on ppc
install-sh 2005-01-18 kyoder kyoder [13dfa9] Initial code drop
ltconfig 2005-01-18 kyoder kyoder [13dfa9] Initial code drop
ltmain.sh 2005-07-27 mhalcrow mhalcrow [f0cca4] Kent ported pin locking flag fix from TPM token...
missing 2005-01-18 kyoder kyoder [13dfa9] Initial code drop
mkinstalldirs 2005-01-18 kyoder kyoder [13dfa9] Initial code drop

Read Me

openCryptoki README
Package version 2.2.2
Authors:
 Mike Halcrow <mhalcrow@us.ibm.com>
 Kent Yoder <yoder1@us.ibm.com>

OVERVIEW

openCryptoki version 2.2 implements the PKCS#11 specification version
2.11. This package includes several cryptographic tokens, including
the IBM ICA token (requires libICA, which supports zSeries CPACF and
LeedsLite hardware) and an OpenSSL-based software token.


REQUIREMENTS

 - SW token: OpenSSL version 0.9.7 or higher
 - ICA token: libICA version 1.3.6 or higher


BUILD PROCESS

The simplest way to compile this package is to enter the source code
main directory and do the following:

  1. Run the bootstrap.sh script by typing:
        % sh bootstrap.sh
   
  2. Configure the source code by typing:
        % sh ./configure

     If you're planning to install the package into your home directory
     or to a location other than `/usr/local' then add the flag
     `--prefix=PATH' to `configure'. For example, if your home directory  
     is `/home/luser' you can configure the package to install itself there
     by invoking:
        % sh ./configure --prefix=/home/luser
     
     If your stdll headers and libraries are not under any standard
     path, you will need to pass the paths to your files to the
     configure script. For instance:

     $ CPPFLAGS="-L/path/lib" LDFLAGS="-I/path/include" ./configure

     See ./configure --help for info on various options.  The default
     behavior is to build any token whose libraries are found. You may
     disable building any token with its corresponding --disable-<tok>
     configure option.

     While running, `configure' prints some messages telling which
     features is it checking for. 

  3. Compile the package by typing:
        % make
     
  4. Type `make install' to install the programs and any data files and
     documentation. During installation, the following files go to the
     following directories:
        /prefix/sbin/pkcs11_startup
        /prefix/sbin/pkcs_slot
        /prefix/sbin/pkcsconf
        /prefix/sbin/pkcsslotd
        /prefix/libdir/libopencryptoki.so
        /prefix/libdir/libopencryptoki.so.0
        /prefix/libdir/opencryptoki/libopencryptoki.so
        /prefix/libdir/opencryptoki/libopencryptoki.so.0
        /prefix/libdir/opencryptoki/libopencryptoki.so.0.0.0
        /prefix/var/lib/opencryptoki

     Token objects, which may be optionally built, go to the following
     locations:
        /prefix/libdir/opencryptoki/stdll/libpkcs11_ica.so
        /prefix/libdir/opencryptoki/stdll/libpkcs11_ica.so.0
        /prefix/libdir/opencryptoki/stdll/libpkcs11_ica.so.0.0.0
        /prefix/libdir/opencryptoki/stdll/libpkcs11_sw.so
        /prefix/libdir/opencryptoki/stdll/libpkcs11_sw.so.0
        /prefix/libdir/opencryptoki/stdll/libpkcs11_sw.so.0.0.0
        /prefix/libdir/opencryptoki/stdll/libpkcs11_tpm.so
        /prefix/libdir/opencryptoki/stdll/libpkcs11_tpm.so.0
        /prefix/libdir/opencryptoki/stdll/libpkcs11_tpm.so.0.0.0

     where `prefix' is either `/usr/local' or the PATH that you specified
     in the `--prefix' flag. `libdir' is the name of the library
     directory; for 32-bit libraries it is usually `lib' and for
     64-bit libraries it is usually `lib64'.

     To maintain backwards compatibility, some additional symlinks
     are generated (note that these are deprecated, and applications
     should migrate to use the LSB-compliant names and locations for
     libraries and executables):
        /prefix/lib/opencryptoki/PKCS11_API.so
          - Symlink to /prefix/lib/opencryptoki/libopencryptoki.so
        /prefix/lib/opencryptoki/stdll/PKCS11_ICA.so
          - Symlink to /prefix/lib/opencryptoki/stdll/libpkcs11_ica.so
        /prefix/lib/opencryptoki/stdll/PKCS11_SW.so
	  - Symlink to /prefix/lib/opencryptoki/stdll/libpkcs11_sw.so
        /prefix/lib/pkcs11/PKCS11_API.so
	  - Symlink to /prefix/lib/opencryptoki/libopencryptoki.so
        /prefix/lib/pkcs11
	  - Directory created if non-existent
        /prefix/lib/pkcs11/methods
          - Symlink to /prefix/sbin
        /prefix/lib/pkcs11/stdll
	  - Symlink to /prefix/lib/opencryptoki/stdll
	/prefix/etc/pkcs11
          - Symlink to /prefix/var/lib/opencryptoki

     If any of these directories do not presently exist, they will be
     created on demand. Note that if ``prefix'' is ``/usr'', then
     /prefix/var and /prefix/etc resolve to /var and /etc. On the
     ``make install'' stage, if content exists in the old
     /prefix/etc/pkcs11 directory, it will be migrated to the new
     /prefix/var/lib/opencryptoki location.

     If you are installing in your home directory make sure that 
     `/home/luser/bin' is in your path. If you're using the bash shell
     add this line at the end of your .cshrc file:
        PATH="/home/luser/bin:${PATH}"
        export PATH
     If you are using csh or tcsh, then use this line instead:
        setenv PATH /home/luser/bin:${PATH}
     By prepending your home directory to the rest of the PATH you can
     override systemwide installed software with your own custom installation.

RUNNING

     See:
     http://www-128.ibm.com/developerworks/security/library/s-pkcs/index.html

     openCryptoki defaults to be usable by anyone who is in the group
     ``pkcs11''.

     In this version of openCrypoki, the default SO PIN is 87654321,
     and the default user PIN is 12345678. These should both be
     changed to different PIN values before use. You can change the
     SO PIN by running pkcsconf:
       % pkcsconf -I

     You can change the user PIN by typing:
       % pkcsconf -u

     You can select the token with the -c command line option; refer
     to the documentation linked to above for further instructions.