%general-entities; ]> $LastChangedBy$ $Date$ p11-kit The p11-kit package provides a way to load and enumerate PKCS #11 (a Cryptographic Token Interface Standard) modules. &lfs83_checked; Package Information Download (HTTP): Download (FTP): Download MD5 sum: &p11-kit-md5sum; Download size: &p11-kit-size; Estimated disk space required: &p11-kit-buildsize; Estimated build time: &p11-kit-time; p11-kit Dependencies Recommended Optional (runtime), (runtime), and User Notes: Prepare the distribution specific anchor hook: sed '20,$ d' -i trust/trust-extract-compat.in && cat >> trust/trust-extract-compat.in << "EOF" # Copy existing anchor modifications to /etc/ssl/local /usr/libexec/make-ca/copy-trust-modifications # Generate a new trust store /usr/sbin/make-ca -f -g EOF Install p11-kit by running the following commands: ./configure --prefix=/usr \ --sysconfdir=/etc \ --with-trust-paths=/etc/pki/anchors && make To test the results, issue: make check. One test, test-token 6, is known to fail. Now, as the root user: make install && ln -s /usr/libexec/p11-kit/trust-extract-compat \ /usr/bin/update-ca-certificates --with-trust-paths=/etc/pki/anchors: this switch sets the location of trusted certificates used by libp11-kit.so. --with-hash-impl=freebl: Use this switch if you want to use the Freebl library from NSS for SHA1 and MD5 hashing. --enable-doc: Use this switch if you have installed and and wish to rebuild the documentation and generate manual pages. The p11-kit trust module (/usr/lib/pkcs11/p11-kit-trust.so) can be used as a drop-in replacement for /usr/lib/libnssckbi.so to transparently make the system CAs available to NSS aware applications, rather than the static list provided by /usr/lib/libnssckbi.so. As the root user, execute the following commands: if [ -e /usr/lib/libnssckbi.so ]; then readlink /usr/lib/libnssckbi.so || rm -v /usr/lib/libnssckbi.so && ln -sfv ./pkcs11/p11-kit-trust.so /usr/lib/libnssckbi.so fi Installed Programs Installed Libraries Installed Directories p11-kit and trust libp11-kit.so and p11-kit-proxy.so /etc/pkcs11, /usr/include/p11-kit-1, /usr/lib/{p11-kit,pkcs11}, /usr/share/gtk-doc/html/p11-kit, and /usr/share/p11-kit Short Descriptions p11-kit is a command line tool that can be used to perform operations on PKCS#11 modules configured on the system. p11-kit trust is a command line tool to examine and modify the shared trust policy store. trust update-ca-certificates is a command line tool to both extract local certificates from an upadated anchor store, and regenerate all anchors and certificate stores on the system. update-ca-certificates libp11-kit.so contains functions used to coordinate initialization and finalization of any PKCS#11 module. libp11-kit.so p11-kit-proxy.so is the PKCS#11 proxy module. p11-kit-proxy.so