I'm doing a task about SoftHSM. I have built an application in Java as a server. So, I configure the connection in a softhsm.cfg file:

    library = F:\SoftHSM2\lib\softhsm2-x64.dll
    slot = 767671965
    attributes(generate, *, *) = {
        CKA_TOKEN = true
    }
    attributes(generate, CKO_CERTIFICATE, *) = {
        CKA_PRIVATE = false
    }
    attributes(generate, CKO_PUBLIC_KEY, *) = {
        CKA_PRIVATE = false
    }

Then I use the SunPKCS11 provider to connect from my client to the SoftHSM server:

    SunPKCS11 provider = new SunPKCS11(Constant.CONFIG_NAME);
    if (Security.getProvider(Constant.PROVIDER_NAME) != null) {
        Security.removeProvider(Constant.PROVIDER_NAME);
    }
    Security.addProvider(provider);
    log.info("Name of provider :{}", provider.getName());
    // Load the key store
    char[] pin = bean.getPin().toCharArray();
    KeyStore ks = KeyStore.getInstance(Constant.KEYSTORE_TYPE, provider);
    ks.load(null, pin);
    KeyPair keyPair = generateKeyPair();
    PrivateKey privateKey = keyPair.getPrivate();
    X509Certificate[] chain = generateV3Certificate(keyPair);
    ks.setKeyEntry(bean.getAliasName(), privateKey, bean.getPin().toCharArray(), chain);

I put keys into the keystore and get them to do cryptographic operations.
With all of the above, I only connect a client to the server. But now I want 3 or more clients connecting to the SoftHSM server. I want each client to possess a different PIN to do cryptographic operations. How can I do this?
Yes, it is possible.
Just create two configs and use different names, otherwise it will always use the same first one.
In Java you could do something like this to load different slot configs:
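
One way to apply the approach the answer describes, as an added example that is not the answerer's code: each client gets its own config with a distinct `name` and `slot`, so each provider instance logs in to its own token with its own PIN. The class and helper names, the second slot id and both PINs are placeholders; each token is assumed to be already initialised with its own user PIN, and the Java 9+ `Provider.configure` call is used in place of the `new SunPKCS11(...)` constructor from the question.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.Collections;

public class MultiTokenDemo {
    // Library path as given in the question; adjust to the local install.
    static final String LIB = "F:\\SoftHSM2\\lib\\softhsm2-x64.dll";

    /** Writes a per-client config with a unique name and returns a keystore logged in to that token. */
    static KeyStore openToken(String name, long slot, char[] pin)
            throws IOException, GeneralSecurityException {
        String cfg = String.join("\n",
                "name = " + name,      // unique per config: the provider becomes "SunPKCS11-<name>"
                "library = " + LIB,
                "slot = " + slot,      // one token (and therefore one user PIN) per client
                "attributes(generate, *, *) = {",
                "  CKA_TOKEN = true",
                "}", "");
        Path file = Files.createTempFile("softhsm-" + name, ".cfg");
        Files.write(file, cfg.getBytes(StandardCharsets.UTF_8));

        // Java 9+ API. On Java 8 the equivalent is new SunPKCS11(file.toString()),
        // as in the question's code.
        Provider p = Security.getProvider("SunPKCS11").configure(file.toString());
        if (Security.addProvider(p) == -1) { // -1: a provider with this name is already installed
            throw new IllegalStateException("Provider name already registered: " + p.getName());
        }
        KeyStore ks = KeyStore.getInstance("PKCS11", p);
        ks.load(null, pin); // logs in to this provider's token only
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder slot id for client B and placeholder PINs; use the real values of your tokens.
        KeyStore a = openToken("ClientA", 767671965L, "pin-for-client-a".toCharArray());
        KeyStore b = openToken("ClientB", 1111111111L, "pin-for-client-b".toCharArray());
        System.out.println(a.getProvider().getName() + " aliases: " + Collections.list(a.aliases()));
        System.out.println(b.getProvider().getName() + " aliases: " + Collections.list(b.aliases()));
    }
}
```

In PKCS#11 the user PIN belongs to a token, so clients that must hold different PINs need separate tokens; clients pointed at the same slot share that token's PIN and its keys.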