You can generate a passphrase for an object in a keystore, and for the keystore itself. The passphrase is required to access the object or keystore. For an example of generating a passphrase for an object in a keystore, see Example 4–4.
% pktool setpin keystore=nss|pkcs11 [dir=directory]
The default directory for key storage is /var/username.
The initial password for a PKCS #11 keystore is changeme. The initial password for an NSS keystore is an empty password.
When prompted for the current token passphrase, type the token PIN for a PKCS #11 keystore, or press the Return key for an NSS keystore.
Enter current token passphrase: Type PIN or press the Return key
Create new passphrase: Type the passphrase that you want to use
Re-enter new passphrase: Retype the passphrase
Passphrase changed.
The keystore is now protected by a passphrase. If you lose the passphrase, you lose access to the objects in the keystore.
# pktool tokens
The output depends on whether the metaslot is enabled. For more information about the metaslot, see Concepts in the Cryptographic Framework.
If the metaslot is enabled, the pktool tokens command generates output similar to the following:
ID  Slot Name                  Token Name                      Flags
--  ---------                  ----------                      -----
0   Sun Metaslot               Sun Metaslot
1   Sun Crypto Softtoken       Sun Software PKCS#11 softtoken  LIX
2   PKCS#11 Interface for TPM  TPM                             LXS
If the metaslot is disabled, the pktool tokens command generates output similar to the following:
ID  Slot Name                  Token Name                      Flags
--  ---------                  ----------                      -----
1   Sun Crypto Softtoken       Sun Software PKCS#11 softtoken  LIX
2   PKCS#11 Interface for TPM  TPM                             LXS
In the two output versions, flags can be any combination of the following:
L – login required
I – initialized
X – User PIN expired
S – SO PIN expired
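The flag letters can be checked mechanically when reviewing many hosts. The following script is an added example, not part of the original documentation. It assumes that the columns of the pktool tokens output are aligned under the header row; the function names audit_tokens and sample_tokens and the sample table are constructed for illustration.

```sh
#!/bin/sh
# Added example: report tokens whose flags need attention.
# Assumption: data columns are aligned under the header row of the table.

# audit_tokens: reads a "pktool tokens" table on stdin and prints one line
# per finding in the form "<id>: <finding>".
audit_tokens() {
    awk '
    # Header row: remember the column where the Flags field starts.
    /^ID +Slot Name/ { flagcol = index($0, "Flags"); next }
    # Skip the dashed rule and anything seen before a header.
    /^--/ || flagcol == 0 { next }
    {
        flags = substr($0, flagcol)
        gsub(/[ \t]/, "", flags)
        # Rows without flags (the metaslot row in the listing) are skipped,
        # as is any row whose Flags field holds unexpected characters.
        if (flags !~ /^[LIXS]+$/) next
        if (index(flags, "X")) print $1 ": user PIN expired"
        if (index(flags, "S")) print $1 ": SO PIN expired"
        if (!index(flags, "I")) print $1 ": token not initialized"
    }'
}

# Constructed sample, laid out like the metaslot-enabled listing.
sample_tokens() {
    cat <<'EOF'
ID  Slot Name                  Token Name                      Flags
--  ---------                  ----------                      -----
0   Sun Metaslot               Sun Metaslot
1   Sun Crypto Softtoken       Sun Software PKCS#11 softtoken  LIX
2   PKCS#11 Interface for TPM  TPM                             LXS
EOF
}

# On a live system, use: pktool tokens | audit_tokens
sample_tokens | audit_tokens
```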
The following example shows how to set the passphrase for an NSS database. Because no passphrase has been created, the user presses the Return key at the first prompt.
% pktool setpin keystore=nss dir=/var/nss
Enter current token passphrase: Press the Return key
Create new passphrase: has8n0NdaH
Re-enter new passphrase: has8n0NdaH
Passphrase changed.