Lilás

Reputation: 1201

pkcs11-tool: why do I need to specify a module to load?

When I run pkcs11-tool I always need to specify a module:

pkcs11-tool --module=/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -L

What is this module for, and how does pkcs11-tool use it? Which are the other possible modules I can use? What is the difference between them?

I tried to use another one ("/usr/lib/x86_64-linux-gnu/nss/libnssckbi.so"), but I always get an empty slot, so I suppose there is a difference in the purpose of the modules?

Upvotes: 2

Views: 3335

Answers (1)

bjoern

Reputation: 282

The modules are used as middleware to the actual devices, like smart cards, USB tokens and hardware security modules (HSMs), or even software emulations for PKCS#11.

You can think of it as a hardware driver mapping PKCS#11 to the concrete device, with some modules offering vendor-specific algorithms, login mechanisms etc.

Some known modules are listed here: http://wiki.ncryptoki.com/Known-PKCS-11-modules.ashx

Using OpenSC, you already have support for a lot of different devices:

https://github.com/OpenSC/OpenSC/wiki/Supported-hardware-(smart-cards-and-USB-tokens)

So given you stick to those devices listed there and don't use any special function not supported by OpenSC, you should use OpenSC.

Upvotes: 5
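To make the "driver" role described in the answer concrete, here is an added example (not part of the original answer, and not OpenSC's own code) that loads a module the way a PKCS#11 host application does: open the shared library, resolve `C_GetFunctionList`, then call through the returned table to count slots. It assumes the Unix PKCS#11 ABI (`CK_ULONG` is `unsigned long`, no struct packing); `probe_module` is a hypothetical helper name, and the two paths are the ones quoted in the question.

```python
import ctypes

CK_ULONG = CK_RV = ctypes.c_ulong   # assumption: Unix ABI, CK_ULONG is unsigned long
CKR_OK = 0

class CK_VERSION(ctypes.Structure):
    _fields_ = [("major", ctypes.c_ubyte), ("minor", ctypes.c_ubyte)]

FN = ctypes.CFUNCTYPE
class CK_FUNCTION_LIST(ctypes.Structure):
    # Only the first five entries of the standard table are declared here;
    # C_GetInfo and C_GetFunctionList are kept as opaque pointers.
    _fields_ = [("version", CK_VERSION),
                ("C_Initialize", FN(CK_RV, ctypes.c_void_p)),
                ("C_Finalize", FN(CK_RV, ctypes.c_void_p)),
                ("C_GetInfo", ctypes.c_void_p),
                ("C_GetFunctionList", ctypes.c_void_p),
                ("C_GetSlotList", FN(CK_RV, ctypes.c_ubyte,
                                     ctypes.POINTER(CK_ULONG), ctypes.POINTER(CK_ULONG)))]

def probe_module(path):
    """Load one PKCS#11 module as a host application would and count its slots."""
    try:
        lib = ctypes.CDLL(path)            # runs the module's code in-process: trusted paths only
        get_list = lib.C_GetFunctionList   # the entry point every PKCS#11 module exports
    except (OSError, AttributeError) as exc:
        return {"module": path, "error": f"not a loadable PKCS#11 module: {exc}"}
    get_list.restype = CK_RV
    get_list.argtypes = [ctypes.POINTER(ctypes.POINTER(CK_FUNCTION_LIST))]
    table = ctypes.POINTER(CK_FUNCTION_LIST)()
    if get_list(ctypes.byref(table)) != CKR_OK or not table:
        return {"module": path, "error": "C_GetFunctionList failed"}
    fn = table.contents
    rv = fn.C_Initialize(None)
    if rv != CKR_OK:
        return {"module": path, "error": f"C_Initialize returned 0x{rv:x}"}
    try:
        count = CK_ULONG(0)
        rv = fn.C_GetSlotList(0, None, ctypes.byref(count))   # NULL list: return the count only
        return {"module": path, "slots": count.value, "rv": rv}
    finally:
        fn.C_Finalize(None)

if __name__ == "__main__":
    # The two module paths quoted in the question above.
    for p in ("/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so",
              "/usr/lib/x86_64-linux-gnu/nss/libnssckbi.so"):
        print(probe_module(p))
```

Every call after `C_GetFunctionList` is answered by the module itself, so the slot count reported for a given path reflects what that module exposes.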
