-rw-r--r-- | README.md | 2 |
-rw-r--r-- | p11p-daemon/README.md | 30 |
2 files changed, 19 insertions, 13 deletions
@@ -56,7 +56,7 @@ devices. - Migrating from one kind of HSM to another kind of HSM. p11p-daemon can be configured to use more than one HSM. As long as they provide - the same funtcions using the same key(s), p11p-daemon can provide + the same functions using the same key(s), p11p-daemon can provide fallback functionality for certain operations between different HSM's from different vendors. diff --git a/p11p-daemon/README.md b/p11p-daemon/README.md index 8305925..7b7b943 100644 --- a/p11p-daemon/README.md +++ b/p11p-daemon/README.md @@ -1,4 +1,4 @@ -# p11p is a PKCS #11 proxy +# p11p-daemon is a PKCS #11 proxy ## Install dependencies @@ -15,7 +15,7 @@ ### Erlang/OTP 19 -Ideally, your OS distribution has Elrang/OTP 19.x: +Ideally, your OS distribution has Erlang/OTP 19.x: $ sudo apt install erlang @@ -36,7 +36,9 @@ would be: If you don't have rebar3 installed, install it. See https://www.rebar3.org/docs/ . -If you don't have rebar3 in PATH, add it. Example: +If you don't have rebar3 in PATH, add it. + +Example: $ export PATH=$PATH:~/.cache/rebar3/bin @@ -47,7 +49,8 @@ Compile: ## Configure -For now, see config/sys.config. +For now, see config/sys.config for how to configure virtual tokens, +each with one or more PKCS #11 modules, i.e. shared libraries. ## Run @@ -62,12 +65,10 @@ under _build/default/rel/p11p/log: $ make start -To stop it: - - $ make stop - A socket per configured token, /run/user/$EUID/p11p/$TOKEN-$PID, can -now be used by a client. Example: +now be used by a client. + +Example using p11tool: $ P11_KIT_SERVER_ADDRESS=unix:path=/run/user/1000/p11p/vtoken0-26585 P11_KIT_DEBUG=none p11tool --provider /usr/lib/pkcs11/p11-kit-client.so --list-tokens Token 0: 
@@ -79,12 +80,17 @@ now be used by a client. Example: Serial: b4a861d362dbd386 Module: (null) +To stop the Erlang shell: + + $ make stop + ## Known bugs and limitations - Multiple p11 applications using the same vtoken in a given - p11p-daemon will result in undefined behaviour. We should either - make this work, or prohibit it by rejecting a second user of the - same vtoken. + p11p-daemon will result in undefined behaviour. + + TODO: Make this work, or prohibit it by rejecting a second user of + the same vtoken. ## Bug reports, questions, comments |
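Review bot: In the p11p-daemon/README.md hunk at @@ -62,12 +65,10, the p11tool example hard-codes /run/user/1000/p11p/vtoken0-26585 while the sentence before it gives the pattern /run/user/$EUID/p11p/$TOKEN-$PID, and nothing says that 1000 and 26585 are one particular run's EUID and PID. Add a short sentence after "Example using p11tool:" telling the reader to substitute their own EUID, token name and PID, or that they can list /run/user/$EUID/p11p/ to find the socket, so the command is not pasted verbatim against a path that does not exist.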
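Review bot: In the p11p-daemon/README.md hunk at @@ -79,12 +80,17, the "Known bugs and limitations" entry still only states that several applications on one vtoken give undefined behaviour and moves the fix into a TODO, without telling an operator what to do in the meantime. Since the top-level README describes the daemon as sitting in front of HSMs and their keys, add the interim rule next to the TODO, for example "Until this is fixed, connect at most one client to a given vtoken socket". In the same hunk, "To stop the Erlang shell:" names something the visible text never introduces ("make start" is only described as writing logs under _build/default/rel/p11p/log); "To stop p11p-daemon:" would match the rest of the section.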