p11tool
p11tool is a program that allows operations on PKCS #11 smart cards and security modules.
p11tool does not rely on a configuration file to use the DigiCert® Software Trust Manager PKCS11 shared library. Pass the location of the Software Trust Manager shared library as a parameter on the command line. An absolute path is required, regardless of where you execute the tool.
Prerequisites
p11tool
OpenSSL
Software Trust Manager PKCS11 library
Configure OpenSSL with Software Trust Manager PKCS11 library
Install p11tool
To install the p11tool, use:
apt install gnutls-bin
Install and configure Software Trust Manager PKCS11 with OpenSSL
OpenSSL uses the Software Trust Manager PKCS11 library to sign files.
Follow these instructions to install OpenSSL and configure it with Software Trust Manager PKCS11 library.
p11tool commands
List all objects
To list all objects (including certificate, public key, and private key), use:
p11tool --provider=/home/myles/smtools-linux-x64/bin/smpkcs11.so --list-all
Use the --help flag for more commands.
Generate key
To generate a 2048-bit RSA key with the label “p11tooldebian”, use:
p11tool --provider /home/myles/smtools-linux-x64/bin/smpkcs11.so --generate-rsa --bits 2048 --label p11tooldebian
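The two commands above can be combined into a check that the provider path is absolute and that the generated key is actually visible afterwards. This is an added example, not DigiCert or GnuTLS code; the function names are hypothetical, and it assumes the --list-all output prints one "Label:" line per object.

```shell
#!/bin/sh
# Added example, not DigiCert or GnuTLS code. Function names are hypothetical.

# Constructed sample of `p11tool --list-all` output (assumed layout: one
# "Label:" line per object), for trying has_label without a token.
SAMPLE_LISTING='Object 0:
	Type: Private key (RSA-2048)
	Label: p11tooldebian
	ID: 01'

# Print the absolute form of a library path; fail if the file is missing.
abs_provider() {
    [ -f "$1" ] || return 1
    dir=$(cd "$(dirname "$1")" && pwd -P) || return 1
    printf '%s/%s\n' "$dir" "$(basename "$1")"
}

# Read a listing on stdin; succeed only if some object has exactly this label
# (string comparison, so "p11tool" does not match "p11tooldebian").
has_label() {
    awk -v want="$1" '
        { sub(/^[ \t]+/, "") }
        $0 == ("Label: " want) { found = 1 }
        END { exit !found }'
}

# Usage: generate_and_verify <path-to-smpkcs11.so> <label>
# Returns 0 if the new key is listed, 2 if the label was already in use.
generate_and_verify() {
    provider=$(abs_provider "$1") || { echo "provider not found: $1" >&2; return 1; }
    if p11tool --provider "$provider" --list-all | has_label "$2"; then
        echo "label already in use: $2" >&2
        return 2
    fi
    p11tool --provider "$provider" --generate-rsa --bits 2048 --label "$2" || return 1
    p11tool --provider "$provider" --list-all | has_label "$2"
}
```

Source the file and call generate_and_verify with the library path and a label; checking the label first avoids creating a second key under a name that is already in use.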