p11tool token management
slobozian daniel
danut_12 at yahoo.com
Thu Oct 4 10:59:38 CEST 2012
Hello,
Thank you for your answers. You were very helpful. I have some errors when using gnutls 3.1.1 APIbut i will post them in another thread.
regards,
Daniel Slobozian
________________________________
From: Nikos Mavrogiannopoulos <nmav at gnutls.org>
To: slobozian daniel <danut_12 at yahoo.com>
Cc: "help-gnutls at gnu.org" <help-gnutls at gnu.org>
Sent: Wednesday, October 3, 2012 2:23 PM
Subject: Re: p11tool token management
On Tue, Oct 2, 2012 at 11:59 AM, slobozian daniel <danut_12 at yahoo.com> wrote:
> Hello,
>
> I'm trying to use p11tool for a server application. I need it to stock
> server's private key and to communicate with the server application that
> uses gnutls API. I don’t have a hardware smart card. Therefore I want to
> use a software p11.
Which one? There are several software PKCS #11 tokens. Which one do you use?
> I supposed that p11tool allows me to do that because the
> command --list-tokens shows me 5 existing tokens (My machine is on ubuntu
> 12.04).
You can check which software modules you have by checking
/etc/pkcs11/modules. Those are the ones that are loaded by p11-kit.
> But there is no option to create a token, only to initialize.
You cannot create tokens using PKCS #11. PKCS #11 is a smart card API,
and it is not easy to create smart cards from software :)
> My first question is if it is possible to stock a private key and a
> certificate with p11tool without a hardware device. If so do I have to
> install any other software in order to create a software token? If, on the
You'll have to install a software token. I cannot recommend any
because I don't know them, but check for soft-hsm or so.
regards,
Nikos
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20121004/f6d3e13a/attachment.htm>
More information about the Gnutls-help
mailing list