.TH OPENCRYPTOKI 7 "May 2007" "@PACKAGE_VERSION@" "openCryptoki"
.SH NAME
openCryptoki \- A PKCS#11 implementation.

.SH DESCRIPTION
\fBopenCryptoki\fP is an implementation of the PKCS#11 API standard. It
provides an interface to the functions of underlying cryptographic
tokens, which may be implemented via software or hardware. The PKCS#11
specification has been released by RSA Labs. More information on PKCS#11
can be found on the RSA labs website: http://www.rsa.com/rsalabs.

To use openCryptoki, run the \fIpkcsslotd\fP daemon. The daemon will 
read the \fIopencryptoki.conf\fP file to collect information about the 
tokens and their slots.

Use the \fIpkcsconf\fP utility to further configure openCryptoki once the
daemon is running.

.SH "SECURITY NOTE"
All non-root users that require access to PKCS#11 tokens using openCryptoki
must be assigned to the \fIpkcs11\fP group to be able to communicate with
the \fIpkcsslotd\fP daemon. Only fully trusted users should be granted
membership in the group. Group members can block other openCryptoki users
from accessing PKCS#11 tokens, and execute arbitrary code with the
privileges of other openCryptoki users.

.SH "SEE ALSO"
.PD 0
.TP
\fBpkcsslotd\fP(8),
.TP
\fBpkcsconf\fP(1),
.TP
\fBopencryptoki.conf\fP(5).
.PD