Install CryptokiX

CryptokiX can be installed in any Unix system. Once downloaded and uncompressed the tarball, you have to run the script which generates the configure file.

To enable the patches on CryptokiX use the following configure options:

--enable-conflict-check        turn on checks for conflicting wrap/decrypt and unwrap/encrypt attributes
--enable-sticky-attributes     turn on sticky attributes policy
--enable-wrap-format           exports key attributes on DES_* wrap and checks it when unwrap

CryptokiX-sec-templates comes as a separate patched software token at the moment, thus it does not need any configure flag to be enabled.

After the configure step, you just need to make and make install (this last step needs root permission) and you are done. To start the token just start the ‘pkcsslotd’ daemon. Running ‘pkcsconf -t’ should give you information about the software token. If anything goes wrong please refer to the Opencryptoki documentation.

NOTE: recall to ask the administrator to add your user in the pkcs11 group.