Programming basics and user scenarios

Edit online

Learn about use cases on how to take advantage of openCryptoki from new and existing applications.

The most common openCryptoki use cases fall into one of two types:

  • scenarios where application programmers write new security applications using openCryptoki,
  • scenarios where openCryptoki administrators want to configure an existing application with a PKCS #11 interface to use a certain openCryptoki token.

There are a variety of benefits why users may want to exploit the standardized openCryptoki cryptographic functions:

  • They can start using the cryptographic operations of a soft token and later switch to a hardware security module (HSM) without changing the application code.
  • They can switch between hardware security modules (HSM) from different suppliers without changing the code.
  • They can use the sophisticated services of a cryptographic library without coping with the complexity of their APIs.
  • They can use different openCryptoki tokens from within one application to enforce isolation between the data.
  • Many software products that support encryption provide plug-in mechanisms that, if configured, will redirect cryptographic functions to a PKCS #11 library. For example, IBM® middleware like the WebSphere Application Server and the HTTP Server including IBM's internal cryptographic library GSKIT can be configured to use a PKCS #11 library.