SoftHSM is an implementation of a cryptographic store accessible through a PKCS#11 interface. You can use SoftHSM as an HSM for OpenDNSSEC.
SoftHSM depends on a cryptographic library, Botan or OpenSSL. Minimum required versions:
If you are using Botan, make sure that it has support for GNU MP (--with-gnump). This will improve the performance when doing public key operations.
There is a migration tool for converting token databases from SoftHSMv1 into the new type of tokens. If this tool is built, then SQLite3 is required (>= 3.4.2).
If the code is downloaded directly from the code repository, you have to prepare the configuration scripts.
Configure the installation/compilation scripts.
For more options:
Compile the source code using the following command:
Install the library using the follow command:
Location of the configuration file.
The default location of the config file is /etc/softhsm2.conf. This location can be change by setting the environment variable.
Details on the configuration can be found in "man softhsm2.conf".
Initialize your tokens.
Use either softhsm-util or the PKCS#11 interface. The SO PIN can e.g. be used to re-initialize the token and the user PIN is handed out to the application so it can interact with the token.
Type in SO PIN and user PIN.
Once a token has been initialized, more slots will be added automatically with a new uninitialized token.
All of the tokens and their objects are stored in the location given by softhsm2.conf. Backup can thus be done as a regular file copy.