Utilities in the Web Services PKCS #11 library

The following four utility programs are provided:

ckcheckinst

Checks basic functionality.

ckinfo-dynamic

Prints version information.

cklist-dynamic

Lists objects created on the Softcard.

ckmechinfo

Lists supported mechanisms.

Run these programs with the following commands:

Linux:

/opt/nfast/webservices/pkcs11/bin/ckcheckinst
/opt/nfast/webservices/pkcs11/bin/ckinfo-dynamic --library /opt/nfast/webservices/pkcs11/lib/libpkcs11webservices.so
/opt/nfast/webservices/pkcs11/bin/cklist-dynamic --library /opt/nfast/webservices/pkcs11/lib/libpkcs11webservices.so
/opt/nfast/webservices/pkcs11/bin/ckmechinfo

Windows:

C:\Program Files\nCipher\WebServices\pkcs11\bin\ckcheckinst.exe
C:\Program Files\nCipher\WebServices\pkcs11\bin\ckinfo-dynamic.exe --library "C:\Program Files\nCipher\WebServices\pkcs11\lib\libpkcs11webservices.so"
C:\Program Files\nCipher\WebServices\pkcs11\bin\cklist-dynamic.exe --library "C:\Program Files\nCipher\WebServices\pkcs11\lib\libpkcs11webservices.so"
C:\Program Files\nCipher\WebServices\pkcs11\bin\ckmechinfo.exe

Softcard generation tool

Because PKCS #11 does not directly support Softcard generation, a command line tool is provided.

The Softcard tool uses the same configuration file as the PKCS #11 library for the Web Services server secure connection. It does not support any logging. For more information, see Configure the Web Services PKCS #11 library.

To generate a new Softcard run the following command:

Linux:

/opt/nfast/webservices/pkcs11/bin/softcardtool -g --name=<new-softcard-name>

Windows:

C:\Program Files\nCipher\WebServices\pkcs11\bin\softcardtool.exe -g --name=<new-softcard-name>

When prompted, enter a new passphrase for the Softcard.

Special characters for name and passphrase are not supported.

To verify the Web Services server connection, run the tool with the verbose and list options:

Linux:

/opt/nfast/webservices/pkcs11/bin/softcardtool -vl

Windows:

C:\Program Files\nCipher\WebServices\pkcs11\bin\softcardtool.exe -vl

To delete a Softcard, remove all keys associated with the Softcard and use the following command:

Linux:

/opt/nfast/webservices/pkcs11/bin/softcardtool -d --ID=<deleted-softcard-ID>

Windows:

C:\Program Files\nCipher\WebServices\pkcs11\bin\softcardtool.exe -d --ID=<deleted-softcard-ID>

To see all the available options, run

Linux:

/opt/nfast/webservices/pkcs11/bin/softcardtool --help

softcardtool, 1.1.0

Usage:
       softcardtool [options]

Windows:

C:\Program Files\nCipher\WebServices\pkcs11\bin\softcardtool.exe --help

softcardtool, 1.1.0

Usage:
       softcardtool.exe [options]
Options:

Help options:
  -h, --help                Display help for `softcardtool'.
  -V, --version             Display the version number of `softcardtool'.
  -u, --usage               Display a brief usage summary for `softcardtool'.
  -v, --verbose             verbose output
  -i, --id=ID               ID of softcard to delete
  -n, --name=NAME           name of softcard to generate
  -l, --list                list softcards
  -d, --delete              delete softcard by ID
  -g, --generate            generate a new softcard

Generates softcards and deletes them.