Hi experts,

I would like to consult you about an issue regarding pkcs11_softtoken.so
in the global zone and non-global zones on Solaris 10.

The output of cryptoadm differs between the global zone and
the non-global zone.

For example, here is the output in a non-global zone
and in the global zone.

--------------------------------------------
yukinoko# uname -a
SunOS yukinoko 5.10 Generic_118833-36 sun4u sparc SUNW,A70

yukinoko# zlogin zone1
[Connected to zone 'zone1' pts/5]
Last login: Tue Mar 17 21:19:53 on pts/5
Sun Microsystems Inc.   SunOS 5.10      Generic January 2005
#
# cryptoadm list

User-level providers:
Provider: /usr/lib/security/$ISA/pkcs11_kernel.so
Provider: /usr/lib/security/$ISA/pkcs11_softtoken.so <<===!!!

Kernel software providers:
        swrand
        rsa
        md5
        sha2
        sha1
        blowfish
        arcfour
        aes
        des

Kernel hardware providers:
# ^D
[Connection to zone 'zone1' pts/5 closed]

yukinoko# cryptoadm list

User-level providers:
provider: /usr/lib/security/$ISA/pkcs11_kernel.so
provider: /usr/lib/security/$ISA/pkcs11_softtoken.so <<===!!!

Kernel software providers:
        des
        aes
        arcfour
        blowfish
        sha1
        sha2
        md5
        rsa
        swrand

Kernel hardware providers:
--------------------------------------------
--------------------------------------------
# uname -a
SunOS m5000-0 5.10 Generic_137137-09 sun4u sparc SUNW,SPARC-Enterprise

# cryptoadm list

User-level providers:
Provider: /usr/lib/security/$ISA/pkcs11_kernel.so
Provider: /usr/lib/security/$ISA/pkcs11_softtoken_extra.so <<===!!!

Kernel software providers:
        des
        aes256
        arcfour2048
        blowfish448
        sha1
        sha2
        md5
        rsa
        swrand

Kernel hardware providers:
# zlogin testzone
[Connected to zone 'testzone' pts/2]
Last login: Thu Feb 19 18:51:47 on console
Sun Microsystems Inc.   SunOS 5.10      Generic January 2005
#
# cryptoadm list

User-level providers:
Provider: /usr/lib/security/$ISA/pkcs11_kernel.so
Provider: /usr/lib/security/$ISA/pkcs11_softtoken.so <<===!!!

Kernel software providers:
        swrand
        rsa
        md5
        sha2
        sha1
        blowfish448
        arcfour2048
        aes256
        des

Kernel hardware providers:
--------------------------------------------

The cu said they installed patch 127127-11 but did not
install 139498-04.

Document ID:    127127-11 (applied)
Title:  SunOS 5.10: kernel patch

Document ID:    139498-04 (didn't apply)
Title:  SunOS 5.10: libpkcs11.so patch

The cu would like to know:

1) In a non-global zone, why is pkcs11_softtoken.so used as the default?
Is this by design?

2) In a non-global zone, if pkcs11_softtoken.so is changed to
pkcs11_softtoken_extra.so, is there any impact on the system?

3) In a non-global zone, if we want to use 128-bit keylength, is the
following method correct or not?

# cryptoadm install provider=/usr/lib/security/\$ISA/pkcs11_softtoken_extra.so

# cryptoadm uninstall provider=/usr/lib/security/\$ISA/pkcs11_softtoken.so

The man page for pkcs11_softtoken has the following information:

=== man pkcs11_softtoken ===
     The pkcs11_softtoken.so object contains only implementations
     of  symmetric  key  algorithms  of  up to 128-bit keylength.
     pkcs11_softtoken_extra.so,  if  available,   might   contain
     longer key lengths.
=== man pkcs11_softtoken ===

Thank you very much.
Best Regards
chunhuan
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org
