Hello, I have a hardware accelerator installed in my Solaris 10 x86 machine
and would like to disable the Sun PKCS11 softtoken.
This is the output of my "cryptoadm list"
User-level providers:
Provider: /usr/lib/security/$ISA/pkcs11_kernel.so
Provider: /usr/lib/security/$ISA/pkcs11_softtoken_extra.so
Kernel software providers:
des
aes256
arcfour2048
blowfish448
sha1
sha2
md5
rsa
swrand
Kernel hardware providers:
mca/0
When I try to disable the softtoken , I get the following error.
*bash-3.00# cryptoadm disable
provider="/usr/lib/security/$ISA/pkcs11_softtoken_*
*extra.so"
mechanism=CKM_RSA_PKCS,CKM_RSA_PKCS_KEY_PAIR_GEN,CKM_RSA_X_509,CKM_MD*
*5_RSA_PKCS*
*cryptoadm: /usr/lib/security//pkcs11_softtoken_extra.so does not exist.\*
*
*
Also in a similar note, when I add the hardware accelerator to my NSS
database using modutil, and list it, I get the following output.
# modutil -list -dbdir .
Listing of PKCS #11 Modules
-----------------------------------------------------------
1. NSS Internal PKCS #11 Module
slots: 2 slots attached
status: loaded
slot: NSS Internal Cryptographic Services
token: NSS Generic Crypto Services
slot: NSS User Private Key and Certificate Services
token: NSS Certificate DB
2. Sun Crypto Accelerator
library name: /usr/lib/libpkcs11.so
slots: 2 slots attached
status: loaded
slot: Sun Metaslot
token: Sun Metaslot
slot: Sun Crypto Softtoken
token: Sun Software PKCS#11 softtoken
I am confused why the slot "Sun Crypto Softtoken" is also being listed,
shouldn't it be the hardware accelerator slots that should be listed with
the Sun Metaslot?
Any help is greatly appreciated,
Thanks,
Rishi
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mail.opensolaris.org/pipermail/crypto-discuss/attachments/20090825/e67d6c9b/attachment.html>
