p11-kit-0.23.9

Introduction to p11-kit

The p11-kit package provides a way to load and enumerate PKCS #11 (a Cryptographic Token Interface Standard) modules.

This package is known to build and work properly using an LFS-8.2 platform.

Package Information

p11-kit Dependencies

Recommended

Optional

NSS-3.35, GTK-Doc-1.27 and libxslt-1.1.32

User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/p11-kit

Installation of p11-kit

Install p11-kit by running the following commands:

./configure --prefix=/usr     \
            --sysconfdir=/etc \
            --with-trust-paths=/etc/pki/anchors &&
make

To test the results, issue: make check. The test-token test is known to fail.

Now, as the root user:

make install

Command Explanations

--with-trust-paths=/etc/pki/anchors: this switch sets the location of trusted certificates used by libp11-kit.so.

--with-hash-impl=freebl: Use this switch if you want to use the Freebl library from NSS for SHA1 and MD5 hashing.

--enable-doc: Use this switch if you have installed GTK-Doc-1.27 and libxslt-1.1.32 and wish to rebuild the documentation and generate manual pages.

Configuring p11-kit

The p11-kit trust module (/usr/lib/pkcs11/p11-kit-trust.so) can be used as a drop-in replacement for /usr/lib/libnssckbi.so to transparently make the system CAs available to NSS aware applications, rather than the static list provided by /usr/lib/libnssckbi.so. As the root user, execute the following commands:

if [ -e /usr/lib/libnssckbi.so ]; then
  readlink /usr/lib/libnssckbi.so ||
  rm -v /usr/lib/libnssckbi.so    &&
  ln -sfv ./pkcs11/p11-kit-trust.so /usr/lib/libnssckbi.so
fi

Contents

Installed Program: p11-kit and trust
Installed Libraries: libp11-kit.so and p11-kit-proxy.so
Installed Directories: /etc/pkcs11, /usr/include/p11-kit-1, /usr/lib/{p11-kit,pkcs11}, /usr/share/gtk-doc/html/p11-kit, and /usr/share/p11-kit

Short Descriptions

p11-kit

is a command line tool that can be used to perform operations on PKCS#11 modules configured on the system.

trust

is a command line tool to examine and modify the shared trust policy store.

libp11-kit.so

contains functions used to coordinate initialization and finalization of any PKCS#11 module.

p11-kit-proxy.so

is the PKCS#11 proxy module.

Last updated on 2018-02-24 15:05:35 -0800