Create pkcs11.cfg at /etc/utimaco/ | Utimaco Integration Guides

Create a file /etc/utimaco/pkcs11.cfg and add below contents to it.

pkcs11.cfg
name=CryptoServer library= C:\\Program Files\\Utimaco\\SecurityServer\\Lib\\cs_pkcs11_R3.dll slotListIndex=0 publickeyimportonly = true attributes(, CKO_SECRET_KEY, ) = { CKA_ENCRYPT=true CKA_DECRYPT=true} attributes(GENERATE, CKO_PRIVATE_KEY, CKK_RSA) = { CKA_TOKEN=true CKA_DECRYPT=true CKA_UNWRAP=true} attributes(GENERATE, CKO_PUBLIC_KEY, ) = { CKA_TOKEN=true CKA_VERIFY=true} attributes(, CKO_PUBLIC_KEY, CKK_RSA) = { CKA_ENCRYPT=true CKA_WRAP=true CKA_VERIFY=true} attributes(IMPORT, CKO_PRIVATE_KEY, CKK_RSA) = { CKA_DECRYPT=true CKA_UNWRAP=true CKA_DERIVE=true} attributes(*,CKO_PRIVATE_KEY,CKK_EC) = { CKA_SIGN=true CKA_DERIVE=true CKA_TOKEN=true}

pkcs11.cfg

name=CryptoServer 
library= C:\\Program Files\\Utimaco\\SecurityServer\\Lib\\cs_pkcs11_R3.dll 
slotListIndex=0 
publickeyimportonly = true 
attributes(*, CKO_SECRET_KEY, *) = { 
   CKA_ENCRYPT=true 
   CKA_DECRYPT=true} 
attributes(GENERATE, CKO_PRIVATE_KEY, 
   CKK_RSA) = { CKA_TOKEN=true 
   CKA_DECRYPT=true 
   CKA_UNWRAP=true} 
attributes(GENERATE, CKO_PUBLIC_KEY, *) = { 
   CKA_TOKEN=true CKA_VERIFY=true} attributes(*, 
   CKO_PUBLIC_KEY, CKK_RSA) = { 
   CKA_ENCRYPT=true 
   CKA_WRAP=true 
   CKA_VERIFY=true} 
attributes(IMPORT, CKO_PRIVATE_KEY, CKK_RSA) = { 
   CKA_DECRYPT=true CKA_UNWRAP=true CKA_DERIVE=true} 
attributes(*,CKO_PRIVATE_KEY,CKK_EC) = { 
   CKA_SIGN=true 
   CKA_DERIVE=true 
   CKA_TOKEN=true}

This file will be used by IBMPKCS11 provider to get library and slot information and perform cryptographic operation on Utimaco HSM.

Specify correct library path and slot index.