aws-samples / aws-cloudhsm-pkcs11-examples

Sample applications demonstrating how to use the CloudHSM PKCS#11 library

How to create PKCS#11 token and query to check token label and slot info #59

Status: closed (skoppulaa closed this issue 1 year ago)

skoppulaa commented 2 years ago

I have an HSM cluster with one HSM in us-west-2. I'd like to initialize a PKCS#11 token using a private key, PIN and token label. It is not clear from the documentation how to create a PKCS#11 token and how to query to check the token label and slot info using pkcs11-tool. Also, it's not clear how to install pkcs11-tool on an Amazon Linux 2 EC2 instance.

After installing cloudhsm-pkcs11-latest.el7.x86_64.rpm package, I see my module path as /opt/cloudhsm/lib/libcloudhsm_pkcs11_standard.so

I'd like to run the below commands:

    pkcs11-tool --module --list-token-slots
    pkcs11-tool --module --pin --list-token-slots --login --list-objects

rday commented 2 years ago

Hi @skoppulaa ,

pkcs11-tool is provided by the opensc package in the upstream repositories. We don't support this tool, so there are no explicit instructions on how to install it. With CloudHSM you already have an initialized token in Slot #0, so there is no need to use pkcs11-tool to initialize a token.

To log in to this token with a PIN, you use the username:password of a CU user that you can create with our CMU tool. That tool is documented here. There are examples of this in our samples library common code (using C applications).

What is your use case for your HSM? There may be another way to accomplish your goal without pkcs11-tool.
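The two things the answer above describes, enumerating the pre-initialized token (slot, label, flags) and logging in with a CU user's `username:password` as the PKCS#11 PIN, can be done without pkcs11-tool by calling the CloudHSM PKCS#11 module directly. The following is an added example written for this thread; it is not code from the aws-cloudhsm-pkcs11-examples repository or from rday. It assumes the module path from the issue (`/opt/cloudhsm/lib/libcloudhsm_pkcs11_standard.so`), that the module exports the `C_*` entry points as plain symbols (true of standard PKCS#11 libraries), and that the CU credentials are supplied in the hypothetical `HSM_USER` and `HSM_PASSWORD` environment variables rather than on the command line, where they would land in shell history. The `CK_TOKEN_INFO` layout is the PKCS#11 v2.40 one with natural alignment on Linux; `parse_token_info` exists so the label/flag decoding can be exercised on a constructed buffer without an HSM.

```python
"""Query CloudHSM PKCS#11 slots/token info and log in as a CU user (added example)."""
import ctypes
import os

# Module path as reported in the issue; CloudHSM's token lives in slot 0.
DEFAULT_MODULE = "/opt/cloudhsm/lib/libcloudhsm_pkcs11_standard.so"

CKR_OK = 0
CKU_USER = 1
CKF_RW_SESSION = 0x2
CKF_SERIAL_SESSION = 0x4
CKF_LOGIN_REQUIRED = 0x4          # CK_TOKEN_INFO.flags bit
CKF_TOKEN_INITIALIZED = 0x400     # CK_TOKEN_INFO.flags bit

CK_ULONG = ctypes.c_ulong         # CK_RV, CK_SLOT_ID, CK_SESSION_HANDLE are all CK_ULONG


class CK_VERSION(ctypes.Structure):
    _fields_ = [("major", ctypes.c_ubyte), ("minor", ctypes.c_ubyte)]


class CK_TOKEN_INFO(ctypes.Structure):
    # Field order and widths from PKCS#11 v2.40 pkcs11t.h (Linux, natural alignment).
    _fields_ = [
        ("label", ctypes.c_ubyte * 32), ("manufacturerID", ctypes.c_ubyte * 32),
        ("model", ctypes.c_ubyte * 16), ("serialNumber", ctypes.c_ubyte * 16),
        ("flags", CK_ULONG),
        ("ulMaxSessionCount", CK_ULONG), ("ulSessionCount", CK_ULONG),
        ("ulMaxRwSessionCount", CK_ULONG), ("ulRwSessionCount", CK_ULONG),
        ("ulMaxPinLen", CK_ULONG), ("ulMinPinLen", CK_ULONG),
        ("ulTotalPublicMemory", CK_ULONG), ("ulFreePublicMemory", CK_ULONG),
        ("ulTotalPrivateMemory", CK_ULONG), ("ulFreePrivateMemory", CK_ULONG),
        ("hardwareVersion", CK_VERSION), ("firmwareVersion", CK_VERSION),
        ("utcTime", ctypes.c_ubyte * 16),
    ]


def padded_to_str(field) -> str:
    """PKCS#11 text fields are space padded with no NUL terminator."""
    return bytes(field).decode("ascii", "replace").rstrip(" ")


def cu_pin(username: str, password: str) -> bytes:
    """CloudHSM takes the PKCS#11 PIN as 'username:password' of a CU user."""
    if ":" in username:
        raise ValueError("CU username must not contain ':'")
    return f"{username}:{password}".encode()


def parse_token_info(raw: bytes) -> CK_TOKEN_INFO:
    """Build a CK_TOKEN_INFO from raw bytes (used to test decoding offline)."""
    return CK_TOKEN_INFO.from_buffer_copy(raw.ljust(ctypes.sizeof(CK_TOKEN_INFO), b"\0"))


def describe_token(info: CK_TOKEN_INFO) -> dict:
    return {
        "label": padded_to_str(info.label),
        "manufacturer": padded_to_str(info.manufacturerID),
        "model": padded_to_str(info.model),
        "serial": padded_to_str(info.serialNumber),
        "initialized": bool(info.flags & CKF_TOKEN_INITIALIZED),
        "login_required": bool(info.flags & CKF_LOGIN_REQUIRED),
    }


def check(rv: int, call: str) -> None:
    if rv != CKR_OK:
        raise RuntimeError(f"{call} failed: CKR 0x{rv:08x}")


def load_module(path: str):
    """Load the module and declare argument types so 64-bit handles are not truncated."""
    lib = ctypes.CDLL(path)
    ptr = ctypes.POINTER
    sigs = {
        "C_Initialize": [ctypes.c_void_p], "C_Finalize": [ctypes.c_void_p],
        "C_GetSlotList": [ctypes.c_ubyte, ptr(CK_ULONG), ptr(CK_ULONG)],
        "C_GetTokenInfo": [CK_ULONG, ptr(CK_TOKEN_INFO)],
        "C_OpenSession": [CK_ULONG, CK_ULONG, ctypes.c_void_p, ctypes.c_void_p, ptr(CK_ULONG)],
        "C_Login": [CK_ULONG, CK_ULONG, ctypes.c_char_p, CK_ULONG],
        "C_Logout": [CK_ULONG], "C_CloseSession": [CK_ULONG],
    }
    for name, argtypes in sigs.items():
        fn = getattr(lib, name)
        fn.argtypes, fn.restype = argtypes, CK_ULONG
    return lib


def list_tokens(lib) -> list:
    """Equivalent of 'pkcs11-tool --list-token-slots': slot ids plus decoded token info."""
    count = CK_ULONG(0)
    check(lib.C_GetSlotList(1, None, ctypes.byref(count)), "C_GetSlotList")
    slots = (CK_ULONG * count.value)()
    check(lib.C_GetSlotList(1, slots, ctypes.byref(count)), "C_GetSlotList")
    tokens = []
    for slot in slots:
        info = CK_TOKEN_INFO()
        check(lib.C_GetTokenInfo(slot, ctypes.byref(info)), "C_GetTokenInfo")
        tokens.append({"slot": int(slot), **describe_token(info)})
    return tokens


def login_check(lib, slot: int, pin: bytes) -> None:
    """Open an R/W session on the slot and log in as CKU_USER, then clean up."""
    session = CK_ULONG(0)
    check(lib.C_OpenSession(slot, CKF_SERIAL_SESSION | CKF_RW_SESSION, None, None,
                            ctypes.byref(session)), "C_OpenSession")
    try:
        check(lib.C_Login(session.value, CKU_USER, pin, len(pin)), "C_Login")
        lib.C_Logout(session.value)
    finally:
        lib.C_CloseSession(session.value)


if __name__ == "__main__":
    lib = load_module(os.environ.get("HSM_MODULE", DEFAULT_MODULE))
    check(lib.C_Initialize(None), "C_Initialize")
    try:
        tokens = list_tokens(lib)
        for t in tokens:
            print(t)
        if tokens and "HSM_USER" in os.environ:   # hypothetical env var names
            login_check(lib, tokens[0]["slot"], cu_pin(os.environ["HSM_USER"], os.environ["HSM_PASSWORD"]))
            print("login as CU user succeeded on slot", tokens[0]["slot"])
    finally:
        lib.C_Finalize(None)
```

Run it on the instance that has the CloudHSM client configured; with only `HSM_MODULE` set it lists the token in slot 0 and its flags, and with `HSM_USER`/`HSM_PASSWORD` set it additionally verifies that the `username:password` PIN is accepted for `CKU_USER`. Reading the credentials from the environment keeps them out of `ps` output and shell history, which is the same reason pkcs11-tool's `--pin` on the command line is best avoided.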

rday commented 1 year ago

Please reopen if we can assist further!