KMF provides methods for managing the storage of keys and provides the overall policy for the use of those keys. KMF can manage the policy, keys, and certificates for three public key technologies:
Tokens from PKCS #11 providers, that is, from the Cryptographic Framework
NSS, that is, Network Security Services
OpenSSL, a file-based keystore
The kmfcfg tool can create, modify, or delete KMF policy entries. The tool also manages plugins to the framework. KMF manages keystores through the pktool command. For more information, see the kmfcfg (1) and pktool (1) man pages, and the following sections.