Metaslot in the Cryptographic Framework

This security feature is new in the Solaris Express 2/05 release. This feature is of interest to both system administrators and software developers.

The metaslot is a component of the Solaris cryptographic framework library, libpkcs11.so. With metaslot software, an application that needs encryption can specify its cryptographic needs. With these specifications, the most suitable cryptographic mechanism that is available on the system will be supplied. The metaslot serves as a single virtual slot with the combined capabilities of all tokens and slots that have been installed in the framework. Effectively, the metaslot enables an application to connect transparently with any available cryptographic service through a single slot.

The metaslot is automatically enabled. The system administrator can explicitly disable the metaslot if preferred.

When an application requests a cryptographic service, the metaslot points to the most appropriate slot, which simplifies the process of selecting a slot. In some cases, a different slot might be required, in which case the application must perform a separate search explicitly.

Further information about the cryptographic framework is provided in the Solaris Security for Developers Guide. See also the System Administration Guide: Security Services.