APPENDIX C
Building PKCS#11 Applications for Use With the Sun Crypto Accelerator 1000 Board
This appendix describes how to build customized PKCS#11 applications to be used with the board.
The Sun Crypto Accelerator 1000 is registered in the Solaris Cryptographic Framework as a hardware provider, so the board can be administered using the system commands. Refer to the Solaris Cryptographic Services section in the Solaris 10 System Administration Guide: Security Services.
The Solaris Cryptographic Framework provides a PKCS#11 interface. The Sun Crypto Accelerator 1000 is registered with two PKCS#11 slots. The first slot supports the CKM_DES_CBC and CKM_DES3_CBC mechanisms, and the second supports the CKM_DSA, CKM_RSA_PKCS, and CKM_RSA_X_509 mechanisms. Advanced users can develop PKCS#11 applications that use this interface to access the Sun Crypto Accelerator 1000 slots and take advantage of hardware acceleration.
The following table summarizes the PKCS#11 mechanisms and the corresponding key ranges:
The sample PKCS#11 source code given below prints out the PKCS#11 slots in the system. The following is sample output from this program, in which 3 slots were detected.
The slots with dca/0 are from the Sun Crypto Accelerator 1000.
There are two ways to use the Sun Crypto Accelerator 1000 through the PKCS#11 interface. The first is to use the Sun Metaslot. The Sun Metaslot will use the board for the mechanisms it supports and use its own internal implementations for other mechanisms. The Sun Metaslot also supports load balancing, failover, and so on. For more details, please refer to the Sun Metaslot documentation.
The second is to use the Sun Crypto Accelerator 1000 slots directly. Used this way, an application is limited to the five mechanisms given above.
The following provides a sample of PKCS#11 source code.
This code can be compiled using the following command on a Solaris 10 system.
The pkcs11 libraries are /usr/lib/libpkcs11.so (32-bit mode) and /usr/lib/sparcv9/libpkcs11.so (64-bit mode).
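The slot enumeration described above, as an added example (this is not the sample program the appendix refers to): it lists the PKCS#11 slots and flags those whose description contains the `dca/` instance name. The helper names `ck_field` and `is_board_slot`, the 32-slot capacity, the `__sun` build guard, and matching any `dca/` instance rather than only `dca/0` are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
#ifdef __sun
#include <security/cryptoki.h>  /* Solaris PKCS#11 header */
#endif
/* PKCS#11 text fields (slotDescription: 64 bytes) are blank-padded and not
 * NUL-terminated. Copy one into out (len + 1 bytes), dropping the padding. */
static void ck_field(const unsigned char *f, size_t len, char *out)
{
    while (len > 0 && f[len - 1] == ' ')
        len--;
    memcpy(out, f, len);
    out[len] = '\0';
}

/* The page marks the board's slots by "dca/0"; matching any "dca/" instance
 * is this example's assumption. Bounded search, since strstr() needs a NUL. */
static int is_board_slot(const unsigned char *f, size_t len)
{
    size_t i;
    for (i = 0; i + 4 <= len; i++)
        if (memcmp(f + i, "dca/", 4) == 0)
            return 1;
    return 0;
}
#ifdef __sun
int main(void)
{
    CK_SLOT_ID slots[32];            /* capacity chosen for this example */
    CK_ULONG i, n = sizeof slots / sizeof slots[0];  /* capacity in, count out */
    CK_SLOT_INFO info;
    char desc[sizeof info.slotDescription + 1];
    if (C_Initialize(NULL) != CKR_OK)
        return 1;
    if (C_GetSlotList(0, slots, &n) != CKR_OK)  /* 0: list every slot */
        n = 0;
    for (i = 0; i < n; i++) {
        if (C_GetSlotInfo(slots[i], &info) != CKR_OK)
            continue;
        ck_field(info.slotDescription, sizeof info.slotDescription, desc);
        printf("slot %lu: %s%s\n", (unsigned long)slots[i], desc,
            is_board_slot(info.slotDescription, sizeof desc - 1) ? "  [board]" : "");
    }
    C_Finalize(NULL);
    return n == 0;
}
#else
int main(void) { puts("built without the Solaris PKCS#11 header"); return 1; }
#endif
```

Selecting a slot by its description rather than by a fixed slot number keeps an application working if slot numbering changes between systems.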