A P P E N D I X  B

Installing and Configuring openCryptoki Software for Linux

This appendix describes how to install and configure openCryptoki software for Linux environments. Sections include:

Note - openCryptoki software is for Linux platforms only.

automake and autoconf utilities are required for configuring openCryptoki software. If these utilities are not installed by default, install them with the following packages.

For RHEL4 U2:

For SuSE9 SP3:

The Sun Crypto Accelerator 6000 board uses openCryptoki as the interface for PKCS#11 applications. The board has certified openCryptoki 2.2.2-rc6 released on Feb. 13, 2006. The original package and a patch from Sun are downloadable only from the Sun Crypto Accelerator 6000 product web site, http://www.sun.com/products/networking/sslaccel/suncryptoaccel6000/index.xml. Additional information on openCryptoki is available at: http://sourceforge.net/projects/opencryptoki.

Later releases of openCryptoki might not be supported. Refer to the Sun Crypto Accelerator 6000 Board Product Notes for Version 1.0 before using any other releases.

Installing openCryptoki Software

Use the following procedure to install the openCryptoki 2.2.2 software.

Download openCryptoki 2.2.2, openCryptoki-2.2.2-rc6.tar.bz2, from http://sourceforge.net/projects/opencryptoki. Choose a directory to unpack the archive. The /var/tmp directory is used in this example. Use the following command to uncompress the file:

% bzip2 -d openCryptoki-2.2.2-rc6.tar.bz2

Use the following command to unpack the file:

% tar xvf openCryptoki-2.2.2-rc6.tar

The files should be in the /var/tmp/openCryptoki-2.2.2-rc6/ directory. The documentation is in the /var/tmp/openCryptoki-2.2.2-rc6/doc/ directory. Refer to the openCryptoki-HOWTO.pdf file for architectual and design information.

Note - Check the Sun Crypto Accelerator 6000 Board Product Notes for Version 1.0 to verify you have all of the required patches installed before configuring and compiling openCryptoki.

The configuration and installation are described in the /var/tmp/openCryptoki-2.2.2-rc6/README file. Use the following commands to configure, compile, and install the openCryptoki software or consult the README file:

% sh bootstrap.sh
% sh ./configure
% make
% make install

This will install the openCryptoki software in the default location, which is as follows:


The Sun Crypto Accelerator 6000 board requires openCryptoki to be installed in its default location. Refer to the README file for the installed files.

Preparing openCryptoki for 64 bit Applications

In addition to the above base installation for 32-bit applications, you must install a 64 bit openCryptoki library for 64 bit applications.

Change to /var/tmp/openCryptoki-2.2.2-rc6/usr/lib/pkcs11/api directory.

Edit the makefile and change the -m32 option to -m64 and use the following command to compile the 64 bit openCryptoki library:

% make clean
% make

Use the following command to put the 64 bit openCryptoki library in its default location:

% cp opencryptoki/.libs/libopencryptoki.so.0.0.0 /usr/local/lib/pkcs11/PKCS11_API.so64

Installing the Libraries in the Standard Location

Create the following directories if they do not exist:

% mkdir /usr/lib/pkcs11
% mkdir /usr/lib64/pkcs11

Link the 32 bit openCryptoki library to the /usr/lib/ directory with the following command:

% ln -s /usr/local/lib/pkcs11/PKCS11_API.so /usr/lib/pkcs11/PKCS11_API.so

On 64 bit platforms, link the 64 bit openCryptoki library to the /usr/lib64 directory with the following command:

% ln -s /usr/local/lib/pkcs11/PKCS11_API.so64 /usr/lib64/pkcs11/PKCS11_API.so

Creating openCryptoki Users and Groups

Before starting openCryptoki, add the pkcs11 group to the system using the following command:

% groupadd pkcs11

Edit /etc/group file and add root, daemon, and other users that might want to use openCryptoki in the pkcs11 group. The following is an example:


Note - Only local users (not network users) may run openCryptoki applications--the users must be in /etc/passwd file.

Starting openCryptoki

The openCryptoki daemon is started by the Sun Crypto Accelerator 6000 board startup script. See Chapter 3 for details.