KMF provides methods for managing the storage of keys and provides the overall policy for the use of those keys. KMF manages the policy, keys, and certificates for three public key technologies:
Tokens from PKCS #11 providers, that is, from the Oracle Solaris Cryptographic Framework
NSS, that is, Network Security Services
OpenSSL, a file-based keystore
The kmfcfg tool can create, modify, or delete KMF policy entries. KMF manages keystores through the pktool command. For more information, see the kmfcfg(1) and pktool(1) man pages, and the following sections.