CryptpCorner softhsm2-util

SoftHSM2 first steps to create slots

As softhsm2-util is not very well documented I decided to support the cryptographic community by offering working usage examples of the main tool of SoftHSM2. This post will show how to initialize a SoftHSM slot and to view your SoftHSM slots. This working examples are based on version 2.6.1 and can be downloaded from OpenDNSSEC website.

After installation of SoftHSM2 you can check your slot configuration with option –show-slots

$ softhsm2-util --show-slots
Available slots:
Slot 0
    Slot info:
        Description:      SoftHSM slot ID 0x0
        Manufacturer ID:  SoftHSM project
        Hardware version: 2.6
        Firmware version: 2.6
        Token present:    yes
    Token info:
        Manufacturer ID:  SoftHSM project
        Model:            SoftHSM v2
        Hardware version: 2.6
        Firmware version: 2.6
        Serial number:
        Initialized:      no
        User PIN init.:   no
        Label:

You always will see at least one present token with is not initialized. After installation this will be „Slot 0“. You can not use this slot unless you initialize it:

$ softhsm2-util --init-token --slot 0 --label "label1" --pin 1234 --so-pin 1234
 
The token has been initialized and is reassigned to slot 1574641475 

Now you can see the newly initialized slot „Slot 1574641475“ and a new slot „Slot 1“ which is prepared to be initialized whenever you need another slot:

$ softhsm2-util --show-slots
 
Available slots:
Slot 1574641475
    Slot info:
        Description:      SoftHSM slot ID 0x5ddb1f43
        Manufacturer ID:  SoftHSM project
        Hardware version: 2.6
        Firmware version: 2.6
        Token present:    yes
    Token info:
        Manufacturer ID:  SoftHSM project
        Model:            SoftHSM v2
        Hardware version: 2.6
        Firmware version: 2.6
        Serial number:    3963656edddb1f43
        Initialized:      yes
        User PIN init.:   yes
        Label:            label1
Slot 1
    Slot info:
        Description:      SoftHSM slot ID 0x1
        Manufacturer ID:  SoftHSM project
        Hardware version: 2.6
        Firmware version: 2.6
        Token present:    yes
    Token info:
        Manufacturer ID:  SoftHSM project
        Model:            SoftHSM v2
        Hardware version: 2.6
        Firmware version: 2.6
        Serial number:
        Initialized:      no
        User PIN init.:   no
        Label:

Better to use –free instead of „–slot 0“ to use the first free/uninitialized token.

Now you have a slot identifyable by slot number „1574641475“ which does not hold any key yet. You can import an cryptographic key using softhsm2-util with option –import or use any other PKCS#11 compatible tool like pkcs11-tool or openssl to generate symmetric or asymmetric keys.

I will show some examples how to create AES, RSA and ECC keys in other related posts,

Related Posts

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.