pkcsicsf(1) configuration utility for the ICSF token


pkcsicsf [-h] [-l|-a token name] [-b BINDDN] [-c client-cert-file] [-C CA-cert-file] [-k privatekey] [-m mechanism] [-u URI]


The pkcsicsf utility lists available ICSF tokens and allows user to add one specific ICSF token to opencryptoki.

The ICSF token must be added first to opencryptoki. This creates an entry in the opencryptoki.conf file for the ICSF token. It also creates
 a token_name.conf configuration file in the same directory as the opencryptoki.conf file, containing ICSF specific information. This information is read by the ICSF token.

The ICSF token must bind and authenticate to an LDAP server. The supported authentication mechanisms are simple and sasl. One of these mechanisms must be entered when listing the available ICSF tokens or when adding an ICSF token. Opencryptoki currently supports adding only one ICSF token.

The system admin can either allow the ldap calls to utilize existing ldap configs, such as ldap.conf or .ldaprc for bind and authentication information or set the bind and authentication information within opencryptoki by using this utility and its options. The information will then be placed in the token_name.conf file to be used in the ldap calls. When using simple authentication, the user will be prompted for the racf password when listing or adding a token.


-a token name
add the specified ICSF token to opencryptoki.
the distinguish name to bind when using simple authentication
-c client-cert-file
the client certificate file when using SASL authentication
-C CA-cert-file
the CA certificate file when using SASL authentication
show usage information
-k privatekey
the client private key file when using SASL authentication
-m mechanism
the authentication mechanism to use when binding to the LDAP server (this should be either simple or sasl)
list available ICSF tokens
show usage information


the opencryptoki config file containing token configuration information
contains ICSF configuration information for the ICSF token