The SmartKey™ PKCS#11 library for Linux 64-bit can be downloaded here.
To install, run
sudo ./install.sh. To uninstall, run
The installer copies the SmartKey™ PKCS#11 shared object file (also called library or module) to
You can verify that you can use the SmartKey PKCS#11 library using the
pkcs11-tool utility, which is distributed along with the OpenSC smart card library at https://github.com/OpenSC/OpenSC.
pkcs11-tool --module <module path> --show-info
The expected output is:
Cryptoki version 2.40 Manufacturer Fortanix Library SmartKey PKCS#11 Library (ver 0.3) Using slot 0 with a present token (0x1)
Applications use SmartKey PKCS#11 library to interact with SmartKey for key management and cryptographic operations.
The PKCS#11 specification has notions of slots and tokens, which correspond to physical entities in an HSM.
Multiple clients or applications connecting to a token on an HSM have equal access to the entire key space.
However, SmartKey allows access to several applications simultaneously while guaranteeing strong cryptographic separation of key spaces.
This is equivalent to every application having access to its own HSM.
SmartKey PKCS#11 library implements this by mapping the application credential to the user PIN,
and by having a single slot (numbered 0), with a token (numbered 1) already initialized.
Administration of SmartKey is done using the web UI and using the REST APIs, so the support for doing it through the PKCS#11 library is disabled.
PKCS#11 security officer login is disabled, and will always fail with
Similarly, the administrative functions such as
errors such as
The library can also be used by Java applications using the SunPKCS11 JCE provider. Some examples to build applications using this PKCS#11 library are provided in example code. Please look at our Knowledge Base to learn more about how to configure legacy applications with a PKCS#11 interface to use SmartKey™.