iKeyman

iKeyman is a GUI application that provides key, certification request and self-signed certificate generation operations. Refer to the iKeyman guide for details.

iKeyman can also be used to generate keys and certificates on a PKCS#11-enabled hardware crypto device. The procedure is simple:

Add the IBMPKCS11Impl provider.

There are two ways to add the IBMPKCS11Impl provider in iKeyman:
  1. Add the IBMPKCS11Impl provider to the provider list in the java.security file. For example: security.provider.5=com.ibm.crypto.pkcs11impl.provider.IBMPKCS11Impl /home/test/cfg/4758.cfg
  2. In the iKeyman tool, click the blue-man icon on the panel, type the following string in the New Provider message box, and click OK: com.ibm.crypto.pkcs11impl.provider.IBMPKCS11Impl

In the first method, the configuration file /home/test/cfg/4960.cfg is used to initialize the IBMPKCS11Impl provider.

In the second method, no configuration file is used.
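For the first method, a misnumbered provider list is an easy mistake to miss. The following check is an added example, not part of the original guide or of IBM's tooling: it parses java.security text and reports whether the IBMPKCS11Impl entry has a configuration file argument and whether the numbering below it is contiguous. The sample provider lists are constructed, and the function names are hypothetical.

```python
import re

PKCS11_CLASS = "com.ibm.crypto.pkcs11impl.provider.IBMPKCS11Impl"
ENTRY = re.compile(r"^\s*security\.provider\.(\d+)\s*=\s*(\S+)(?:\s+(.*\S))?\s*$")

# Constructed sample: a provider list with the PKCS#11 entry from this page at position 5.
SAMPLE_OK = """\
# constructed java.security excerpt
security.provider.1=com.ibm.jsse2.IBMJSSEProvider2
security.provider.2=com.ibm.crypto.provider.IBMJCE
security.provider.3=com.ibm.security.jgss.IBMJGSSProvider
security.provider.4=com.ibm.security.cert.IBMCertPath
security.provider.5=com.ibm.crypto.pkcs11impl.provider.IBMPKCS11Impl /home/test/cfg/4758.cfg
"""
# Constructed sample: the same list with position 4 deleted, leaving a gap.
SAMPLE_GAP = SAMPLE_OK.replace("security.provider.4=com.ibm.security.cert.IBMCertPath\n", "")


def parse_providers(text):
    """Map position -> (class name, argument or None); commented lines never match."""
    providers = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            providers[int(m.group(1))] = (m.group(2), m.group(3))
    return providers


def check_pkcs11_entry(text):
    """Return (position, config_path, problems) for the IBMPKCS11Impl entry."""
    providers = parse_providers(text)
    hits = [n for n, (cls, _) in sorted(providers.items()) if cls == PKCS11_CLASS]
    if not hits:
        return None, None, ["IBMPKCS11Impl is not in the provider list"]
    pos, problems = hits[0], []
    config_path = providers[pos][1]
    if config_path is None:
        problems.append("no configuration file path after the class name")
    # The standard JCA loader reads security.provider.1, .2, ... and stops at the
    # first missing number, so a gap below `pos` means the entry is never loaded.
    missing = [n for n in range(1, pos) if n not in providers]
    if missing:
        problems.append(f"numbering gap before position {pos}: missing {missing}")
    return pos, config_path, problems


if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_OK), ("gap", SAMPLE_GAP)):
        print(name, check_pkcs11_entry(text))
```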

Now, a provider that enables connection to the hardware crypto device is available. To create the actual connection to the hardware crypto device, locate the PKCS#11 native library provided by the hardware crypto device vendor. Click the Key Database File tab and select Open; a message box appears. The message box contains an option box that indicates the type of keystore to open. For a hardware crypto device, choose the PKCS11 Direct or PKCS11Config type, depending on how you added the provider. The next step is to specify the native PKCS#11 library provided by the device vendor. For instance, on the AIX® platform, the 4758 device PKCS#11 native library is located at /usr/lib/pkcs11. Enter the file name (in this case PKCS11_API.so) in the File Name box and the location of the file in the Location box, and click OK. You are then asked for the slot number.
Note: If you added the provider by using the first method, you cannot specify the library name and slot number here; they are read from the configuration file.
Now iKeyman is ready to generate self-signed certificates and certification requests with the hardware crypto device.

For details about the self-signed certificate and certification requests, refer to the iKeyman user guide.