This section describes the requirements to develop the four types of applications that can plug into the Cryptographic Framework.
To develop a user-level consumer, do all of the following:
Include <security/cryptoki.h>.
Make all calls through the PKCS #11 interfaces only.
Link with libpkcs11.so.
Libraries should not call the C_Finalize() function.
See Writing User-Level Cryptographic Applications for more information.
To develop a user-level provider, a developer needs to keep the following items in mind:
Design the provider to stand alone. Although the provider shared object need not be a full-fledged library to which applications link, all necessary symbols must exist in the provider. Assume that the provider is to be opened by dlopen(3C) in RTLD_LAZY mode.
Create a PKCS #11 Cryptoki implementation in a shared object. This shared object should include necessary symbols rather than depend on consumer applications.
Providing a _fini() routine for data cleanup is highly recommended, though not required. The routine is needed to avoid collisions between C_Finalize() calls when an application or shared library loads libpkcs11 and other provider libraries concurrently.
Package the shared object according to Oracle conventions.
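The stand-alone requirement above can be checked before packaging. The following is an added example, not code from the original page or from the framework: it loads a provider with RTLD_NOW instead of RTLD_LAZY so that a missing symbol fails at load time rather than at the first call, then looks up C_GetFunctionList, the standard PKCS #11 entry point. The names check_provider and provider_status are hypothetical.

```c
/* Added example: self-containment check for a PKCS #11 provider object. */
#include <dlfcn.h>
#include <stdio.h>

/* Hypothetical result codes used only by this example. */
enum provider_status {
    PROVIDER_OK = 0,
    PROVIDER_LOAD_FAILED = 1,    /* missing file or unresolved symbols */
    PROVIDER_NO_ENTRY_POINT = 2  /* loads, but has no C_GetFunctionList */
};

enum provider_status check_provider(const char *path)
{
    /* dlopen(NULL) refers to the calling program itself. */
    const char *name = path ? path : "(calling program)";
    enum provider_status status = PROVIDER_OK;

    /* RTLD_NOW binds every function symbol before dlopen() returns, so a
     * provider that leans on symbols from a consumer fails here. Under
     * RTLD_LAZY the same defect would surface only at the first call. */
    void *handle = dlopen(path, RTLD_NOW | RTLD_LOCAL);
    if (handle == NULL) {
        const char *err = dlerror();
        fprintf(stderr, "%s: load failed: %s\n", name, err ? err : "unknown");
        return PROVIDER_LOAD_FAILED;
    }

    /* Every Cryptoki library exposes its function table through this symbol. */
    if (dlsym(handle, "C_GetFunctionList") == NULL) {
        fprintf(stderr, "%s: C_GetFunctionList not exported\n", name);
        status = PROVIDER_NO_ENTRY_POINT;
    }

    /* Unloading runs the object's cleanup code once no references remain. */
    dlclose(handle);
    return status;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s provider.so\n", argv[0]);
        return 64;
    }
    return check_provider(argv[1]);
}
```

Run the check from a process that has not already loaded the libraries the provider might depend on, otherwise their symbols can mask a missing definition.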