Utilities in the Web Services PKCS #11 library

The following four utility programs are provided:


Checks basic functionality.


Prints version information.


Lists objects created on the Softcard.


Lists supported mechanisms.

Run these programs with the following commands:


/opt/nfast/webservices/pkcs11/bin/ckinfo-dynamic --library /opt/nfast/webservices/pkcs11/lib/libpkcs11webservices.so
/opt/nfast/webservices/pkcs11/bin/cklist-dynamic --library /opt/nfast/webservices/pkcs11/lib/libpkcs11webservices.so


C:\Program Files\nCipher\WebServices\pkcs11\bin\ckcheckinst.exe
C:\Program Files\nCipher\WebServices\pkcs11\bin\ckinfo-dynamic.exe --library "C:\Program Files\nCipher\WebServices\pkcs11\lib\libpkcs11webservices.so"
C:\Program Files\nCipher\WebServices\pkcs11\bin\cklist-dynamic.exe --library "C:\Program Files\nCipher\WebServices\pkcs11\lib\libpkcs11webservices.so"
C:\Program Files\nCipher\WebServices\pkcs11\bin\ckmechinfo.exe

Softcard generation tool

Because PKCS #11 does not directly support Softcard generation, a command line tool is provided.

The Softcard tool uses the same configuration file as the PKCS #11 library for the Web Services server secure connection. It does not support any logging. For more information, see Configure the Web Services PKCS #11 library.

Both single and double hyphen arguments are supported, for example, -g | --generate. You can also combine compatible single hyphen arguments, for example, you could use -vg instead of -v -g.

To generate a new Softcard run the following command:


/opt/nfast/webservices/pkcs11/bin/softcardtool -g --name=<new-softcard-name>


C:\Program Files\nCipher\WebServices\pkcs11\bin\softcardtool.exe -g --name=<new-softcard-name>

When prompted, enter a new passphrase for the Softcard.

Special characters for name and passphrase are not supported.

To verify the Web Services server connection, run the tool with the verbose and list options:


/opt/nfast/webservices/pkcs11/bin/softcardtool -vl


C:\Program Files\nCipher\WebServices\pkcs11\bin\softcardtool.exe -vl

To delete a Softcard, remove all keys associated with the Softcard and use the following command:


/opt/nfast/webservices/pkcs11/bin/softcardtool -d --ID=<deleted-softcard-ID>


C:\Program Files\nCipher\WebServices\pkcs11\bin\softcardtool.exe -d --ID=<deleted-softcard-ID>

To see all the available options, run


/opt/nfast/webservices/pkcs11/bin/softcardtool --help

softcardtool, 1.3.0

       softcardtool [options]


C:\Program Files\nCipher\WebServices\pkcs11\bin\softcardtool.exe --help

softcardtool, 1.3.0

       softcardtool.exe [options]

Help options:
  -h, --help                Display help for `softcardtool'.
  -V, --version             Display the version number of `softcardtool'.
  -u, --usage               Display a brief usage summary for `softcardtool'.

Command options:
  -v, --verbose             Modify another command to be verbose.
  -a, --audit="LEVEL"       Displays rest client logs with a level lower than
                              or equal to the one provided. Select one of:
                              (FATAL < ERROR < WARNING < INFO < DEBUG)
  -l, --list                List softcards.
  -g, --generate            Generate a new softcard.
  -n, --name="NAME"         Name of softcard to generate, delete or retrieve.
  -d, --delete              Delete softcard by ID or name.
  -r, --retrieve            Retrieve a softcard's information by ID or name.
  -i, --id="ID"             ID of softcard to delete or retrieve. Ignored if
                              name is provided.

Generates, deletes, lists, and retrieves the details of softcards.

A softcard name may have leading/trailing spaces. If a name is supplied in the
initial prompt and contains spaces, it must be enclosed in double quotation
marks, which will be removed. For example:
      --generate --name "softcard name"         outputs: softcard name
      --generate, "Enter name:" softcard name   outputs: softcard name
Aside from the space character, names and passphrases including special
characters are not supported.
You cannot use --delete in conjuction with --generate or --retrieve. All other combinations are permitted and operate in the order of generate, delete, list, retrieve.