PKCS#11 Configuration

On Windows, the CryptoServer software installation automatically creates cs_pkcs11_R3.cfg in the “C:\ProgramData\Utimaco\PKCS11_R3” folder.

Create a pkcs11.cfg file in C:\ProgramData\Utimaco\PKCS11_R3 and add the contents listed below.

pkcs11.cfg

name=CryptoServer
library=C:/Program Files/Utimaco/SecurityServer/Lib/cs_pkcs11_R3.dll
slot=0
attributes=compatibility
attributes(*,*,*) = {
CKA_TOKEN = true
}

For more information about the commands and command parameters, check the Utimaco documentation. The device may be a CryptoServer (PCIe or LAN) device. The Device line in cs_pkcs11_R3.cfg follows one of these patterns, depending on the HSM form factor:

Hardware (LAN) HSM: Device = 288@<HSM IP address>

OR

Hardware (PCIe) HSM: Device = /dev/cs2.0


Example values

cs_pkcs11_R3.cfg

[Global]
# Path to the logfile (name of logfile is attached by the API)
# For unix:
# Logpath = /tmp
# For windows:
Logpath = C:/ProgramData/Utimaco/PKCS11_R3

# Loglevel (0 = NONE; 1 = ERROR; 2 = WARNING; 3 = INFO; 4 = TRACE)
Logging = 4

[CryptoServer]
# Device specifier
Device = 192.168.10.10

To make testing easier, enable the PKCS#11 log file by editing the Logpath and Logging entries: set Logpath, and set Logging (the log level) to 1. For testing you may want to increase it to 4.

The added Logpath points to a writable directory, not to a file; the API appends the log file name.

If you encounter problems, check the log file named cs_pkcs11_R3.log in the directory defined by Logpath. When you are done testing, change Logging to 1 or 2. This limits logging to only critical and important messages.
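The checks described above (Logpath is a writable directory, Logging is back at 1 or 2 after testing, Device follows one of the listed forms) can be scripted. The following is an added example, not Utimaco code; the function name check_cs_pkcs11_cfg and the sample file are constructed for illustration, and accepting a bare address for Device is an assumption based on the example values above.

```python
import configparser
import os
import re

# Device forms: port@address (LAN), a bare address as in the page's example
# values (assumption), or a device node such as /dev/cs2.0 (PCIe).
DEVICE_RE = re.compile(r"^(?:\d+@)?[A-Za-z0-9.\-]+$|^/dev/\S+$")


def check_cs_pkcs11_cfg(text):
    """Return a list of findings for the text of a cs_pkcs11_R3.cfg file."""
    # Only '=' separates key and value, so 'C:/...' paths parse cleanly.
    cfg = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    try:
        cfg.read_string(text)
    except configparser.Error as exc:
        # For example, a comment line that lost its leading '#'.
        return ["not parseable: " + str(exc).splitlines()[0]]
    findings = []
    logpath = cfg.get("Global", "Logpath", fallback="")
    if os.path.isfile(logpath):
        findings.append("Logpath is a file; it must be a directory")
    elif not (os.path.isdir(logpath) and os.access(logpath, os.W_OK)):
        findings.append("Logpath is not a writable directory")
    level = cfg.get("Global", "Logging", fallback="")
    if level not in ("0", "1", "2", "3", "4"):
        findings.append("Logging must be 0..4")
    elif level == "0":
        findings.append("Logging is 0 (NONE): no log file for troubleshooting")
    elif level in ("3", "4"):
        findings.append("Logging is at test level; set 1 or 2 after testing")
    device = cfg.get("CryptoServer", "Device", fallback="")
    if not DEVICE_RE.match(device):
        findings.append("Device is missing or not in a recognised form")
    return findings


if __name__ == "__main__":
    import tempfile
    logdir = tempfile.mkdtemp().replace("\\", "/")  # stands in for Logpath
    # Constructed sample: the page's example values with a temporary Logpath.
    sample = ("[Global]\nLogpath = " + logdir + "\nLogging = 4\n"
              "[CryptoServer]\nDevice = 192.168.10.10\n")
    for finding in check_cs_pkcs11_cfg(sample):
        print(finding)
```

To check a real installation, pass the contents of C:\ProgramData\Utimaco\PKCS11_R3\cs_pkcs11_R3.cfg to the function.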