p11tool

p11tool is a program that allows operations on PKCS #11 smart cards and security modules.

p11tool does not rely on a configuration file to use the DigiCert® Software Trust Manager PKCS11 shared library. Pass the location of the Software Trust Manager shared library as a parameter on the command line. An absolute path is required, regardless of where you execute the tool.

Prerequisites

Install p11tool

To install the p11tool, use:

apt install gnutls-bin

Install and configure Software Trust Manager PKCS11 with OpenSSL

OpenSSL uses the Software Trust Manager PKCS11 library to sign files.

Follow these instructions to install OpenSSL and configure it with the Software Trust Manager PKCS11 library.

p11tool commands

List all objects

To list all objects (including certificate, public key, and private key), use:

p11tool --provider=/home/myles/smtools-linux-x64/bin/smpkcs11.so --list-all

Use the --help flag for more commands.

Generate key

To generate a 2048-bit RSA key with the label “p11tooldebian”, use:

p11tool --provider /home/myles/smtools-linux-x64/bin/smpkcs11.so --generate-rsa --bits 2048 --label p11tooldebian
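The following is an added example, not part of the original DigiCert documentation. It enforces the absolute-path requirement before loading the module, generates the key, and then confirms the label shows up in the object listing. The function names `resolve_provider` and `generate_and_verify` are hypothetical; only the p11tool flags shown on this page are used, and it is assumed that the `--list-all` output contains the key label.

```shell
#!/bin/sh
# Added example: wrapper around the p11tool commands shown on this page.

# Print the absolute, symlink-resolved directory path of the PKCS #11 module.
# Fails if the argument is empty or does not name a regular file, so p11tool
# is never handed a relative or missing --provider path.
resolve_provider() {
    p=$1
    [ -n "$p" ] || { echo "provider path is empty" >&2; return 1; }
    [ -f "$p" ] || { echo "not a regular file: $p" >&2; return 1; }
    # CDPATH= keeps cd from searching other directories or printing output.
    dir=$(CDPATH= cd -- "$(dirname -- "$p")" && pwd -P) || return 1
    printf '%s/%s\n' "${dir%/}" "$(basename -- "$p")"
}

# Generate a 2048-bit RSA key with the given label, then check that the
# label is visible in the --list-all output of the same provider.
# Usage: generate_and_verify <path-to-smpkcs11.so> <label>
generate_and_verify() {
    provider=$(resolve_provider "$1") || return 1
    label=$2
    [ -n "$label" ] || { echo "label is empty" >&2; return 1; }
    p11tool --provider "$provider" --generate-rsa --bits 2048 \
        --label "$label" || return 1
    if p11tool --provider "$provider" --list-all | grep -F -- "$label" >/dev/null
    then
        echo "key '$label' present on token"
    else
        echo "key '$label' not found in object listing" >&2
        return 1
    fi
}

# Example call (path and label taken from the commands above):
# generate_and_verify /home/myles/smtools-linux-x64/bin/smpkcs11.so p11tooldebian
```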