Create pkcs11.cfg at /etc/utimaco/ | Utimaco Integration Guides

Create a file /etc/utimaco/pkcs11.cfg and add below contents to it

pkcs11.cfg
name=CryptoServer library=/opt/utimaco/lib/libcs_pkcs11_R3.so slotListIndex=0 publickeyimportonly = true attributes(, CKO_SECRET_KEY, ) = { CKA_ENCRYPT=true CKA_DECRYPT=true} attributes(GENERATE, CKO_PRIVATE_KEY, CKK_RSA) = { CKA_TOKEN=true CKA_DECRYPT=true CKA_UNWRAP=true} attributes(GENERATE, CKO_PUBLIC_KEY, ) = { CKA_TOKEN=true CKA_VERIFY=true} attributes(, CKO_PUBLIC_KEY, CKK_RSA) = { CKA_ENCRYPT=true CKA_WRAP=true CKA_VERIFY=true} attributes(IMPORT, CKO_PRIVATE_KEY, CKK_RSA) = { CKA_DECRYPT=true CKA_UNWRAP=true CKA_DERIVE=true} attributes(*,CKO_PRIVATE_KEY,CKK_EC) = { CKA_SIGN = true CKA_DERIVE = true CKA_Token = true}

pkcs11.cfg

name=CryptoServer library=/opt/utimaco/lib/libcs_pkcs11_R3.so slotListIndex=0 publickeyimportonly = true attributes(*, CKO_SECRET_KEY, *) = { 

   CKA_ENCRYPT=true    CKA_DECRYPT=true} 

attributes(GENERATE, CKO_PRIVATE_KEY, CKK_RSA) = { 

   CKA_TOKEN=true 

   CKA_DECRYPT=true    CKA_UNWRAP=true} 

attributes(GENERATE, CKO_PUBLIC_KEY, *) = { 

   CKA_TOKEN=true    CKA_VERIFY=true} 

attributes(*, CKO_PUBLIC_KEY, CKK_RSA) = { 

   CKA_ENCRYPT=true    CKA_WRAP=true    CKA_VERIFY=true} 

attributes(IMPORT, CKO_PRIVATE_KEY, CKK_RSA) = { 

   CKA_DECRYPT=true 

   CKA_UNWRAP=true    CKA_DERIVE=true} 

attributes(*,CKO_PRIVATE_KEY,CKK_EC) = { 

   CKA_SIGN = true 

   CKA_DERIVE = true 

   CKA_Token = true}

This file will be used by IBMPKCS11 provider to get library and slot information and perform cryptographic operation on Utimaco HSM.

Specify correct library path and slot index.