openCryptoki is an implementation of the PKCS#11 API standard. It provides an interface to the functions of underlying cryptographic tokens, which may be implemented via software or hardware. The PKCS#11 specification has been released by RSA Labs. More information on PKCS#11 can be found on the RSA labs website: http://www.rsa.com/rsalabs.
To use openCryptoki, run the pkcsslotd daemon. The daemon will read the opencryptoki.conf file to collect information about the tokens and their slots.
Use the pkcsconf utility to further configure openCryptoki once the daemon is running.
All non-root users that require access to PKCS#11 tokens using openCryptoki must be assigned to the pkcs11 group to be able to communicate with the pkcsslotd daemon. Only fully trusted users should be granted membership in the group. Group members can block other openCryptoki users from accessing PKCS#11 tokens, and execute arbitrary code with the privileges of other openCryptoki users.
opencryptoki.conf(5), pkcsconf(1), pkcsicsf(1), pkcsslotd(8), pkcstok_migrate(1).