Requirements for Developers of User-Level Providers
To develop a user-level provider, do all of the following:
-
Design the provider to stand alone. Although the provider shared object need not be a full-fledged library to which applications link, all necessary symbols must exist in the provider. Assume that the provider is to be opened by dlopen(3C) in RTLD_GROUP and RTLD_NOW mode.
-
Create a PKCS #11 Cryptoki implementation in a shared object. This shared object should include necessary symbols rather than depend on consumer applications.
-
It is highly recommended though not required to provide a _fini() routine for data cleanup. This method is required to avoid collisions between C_Finalize() calls when an application or shared library loads libpkcs11 and other provider libraries concurrently. See Avoiding Data Cleanup Collisions in User-Level Providers.
-
Apply for a certificate from Sun Microsystems, Inc. See To Request a Certificate for Signing a Provider.
-
Use the certificate with elfsign to sign the binary. See To Sign a Provider.
-
Package the shared object according to Sun conventions. See Appendix F, Packaging and Signing Cryptographic Providers.
- © 2010, Oracle Corporation and/or its affiliates