Command Summary | Utimaco Integration Guides

Commands Used	Purpose
`mkdir -p /etc/utimaco/bin`	Create a directory for Utimaco binaries
`mkdir /etc/utimaco/lib`	Create a directory to store PKCS#11 library
`cp ~/path_to_application_folder/lib/libcs_pkcs11_R3.so /etc/utimaco/lib`	Copy Utimaco PKCS#11 library to system path
`cd ~/path_to_application_folder`	Navigate to application directory
`cp csadm p11tool2 /etc/utimaco/bin`	Copy PKCS#11 admin and utility tools
`chmod +x /etc/utimaco/bin/csadm /etc/utimaco/bin/p11tool2`	Make tools executable
`mkdir /etc/utimaco/PKCS11`	Create a directory for PKCS#11 configuration
`cd <install directory>/Software/Linux/x86-64/Crypto_APIs/PKCS11_R3/sample # cp` `cs_pkcs11_R3.cfg /etc/utimaco/PKCS11 # cd /etc/utimaco/PKCS11`	Copy the PKCS#11 configuration file
`./p11tool2 slot=<slot_no> Label=<token_label> Login=ADMIN,ADMIN.key` `InitToken=<SO_PIN>`	Initialize the HSM token with Security Officer (SO) PIN
`./p11tool2 slot=0 LoginSO=<SO_PIN> InitPin=<CryptoUser_PIN>`	Set the Crypto User PIN
`wget https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.59.tar.bz2`	Download `libgpg-error` source package
`tar -xjf libgpg-error-1.59.tar.bz2`	Extract the downloaded package
`export PATH=/usr/local/bin:$PATH`	Update the execution path
`export LD_LIBRARY_PATH=/usr/local/lib`	Set the library path for runtime linking
`gpg --version`	Verify GnuPG installation
`sudo apt update`	Refresh the package index
`sudo apt install -y libssl-dev`	Install OpenSSL development libraries
`pkg-config --modversion libcrypto`	Check OpenSSL (libcrypto) version
`sudo apt install -y libpkcs11-helper1-dev`	Install the PKCS#11 helper library
`dpkg -L libpkcs11-helper1-dev \| grep pkgconfig`	grep pkgconfig`
`export PKG_CONFIG_PATH=/usr/lib/x86_64-linux-gnu/pkgconfig`	Set pkg-config search path
`pkg-config --modversion libpkcs11-helper-1`	Confirm PKCS#11 helper installation
`gpg --list-keys`	List available GPG keys
`cp /usr/local/src/gnupg-pkcs11-scd-0.11.0/gnupg-pkcs11-scd/gnupg-pkcs11-scd.conf.example /root/.gnupg/gnupg-pkcs11-scd.conf`	Copy PKCS#11 smart card daemon config
`./p11tool2 Slot=0 LoginUser=Gnupg1234 PubKeyAttr=CKA_LABEL="GPGPublicKey",CKA_MODULUS_BITS=2048,CKA_ID=0x45 PrvKeyAttr=CKA_LABEL="GPGPrivateKey",CKA_EXTRACTABLE=CK_TRUE,CKA_ID=0x45 GenerateKeyPair=RSA`	Generate an RSA key pair inside HSM
`./p11tool2 Slot=0 LoginUser=Gnupg1234 ListObjects`	List objects stored in the HSM
`apt install -y libengine-pkcs11-openssl`	Install the OpenSSL PKCS#11 engine
`echo "Welcome to Utimaco" > message.txt`	Create a test message file
`gpg --output message.txt.signed --sign --default-key test@utimaco.com message.txt`	Digitally sign a file using GPG
`gpg --verify message.txt.signed`	Verify the digital signature
`gpg --output message.txt.enc --encrypt message.txt`	Encrypt a file using GPG
`gpg --output message.txt.dec --decrypt message.txt.enc`	Decrypt an encrypted file
`cat message.txt.dec`	View decrypted content
`gpg --export --armor test@utimaco.com > gpgpub.key`	Export a public key
`rpm --import RPM-GPG-KEY-test`	Import an RPM GPG key
`rpm -qpi ~/rpmbuild/RPMS/noarch/hello-1.0-1.noarch.rpm`	Query RPM package information
`openssl engine dynamic \` `-pre SO_PATH:/opt/openssl-1.1.1/lib/engines-1.1/pkcs11.so \` `-pre ID:pkcs11 \` `-pre LIST_ADD:1 \` `-pre LOAD \` `-pre MODULE_PATH:/etc/utimaco/lib/libcs_pkcs11_R3.so`	Load PKCS#11 engine dynamically in OpenSSL
`openssl req -new -x509` `-engine pkcs11 \` `-keyform engine \` `-key "pkcs11:id=%45;type=private" \` `-sha256 \` `-days 365 \` `-out test.pem \` `-subj "/CN=test.utimaco.com/O=Integration"`	Generate a CSR/certificate using a PKCS#11 key
`openssl x509 \` `-in test.pem \` `-out test.der \` `-outform DER`	Convert the certificate to DER format
`pkcs11-tool \` `--module /etc/utimaco/lib/libcs_pkcs11_R3.so \` `-l \` `--slot 0 \` `--write-object test.der \` `--type cert \` `--id 45 \` `--label "GPGCertificate"`	Upload the certificate to HSM
`gpg --expert --full-generate-key`	Generate a GPG key (advanced options)

List of commands used