softhsm2.conf - SoftHSM configuration file
This is the configuration file for SoftHSM. It can be found on a default
location, but can also be relocated by using the environment variable. Any
configuration must be done according to the file format found in this
Each configuration option is a pair of name and value separated by a equality
sign. The configuration option must be located on a single line.
It is also possible to add comments in the file by using the hash
sign. Anything after the hash sign will be ignored.
Any empty lines or lines that does not have the correct format will be ignored.
The location where SoftHSM can store the tokens.
directories.tokendir = /var/lib/softhsm/tokens/
The backend to use by SoftHSM to store token objects. Either "file" or
"db" is supported. In order to use the "db" backend, the
SoftHSM build needs to be configured with "configure
objectstore.backend = file
The log level which can be set to ERROR, WARNING, INFO or DEBUG.
If set to true CKF_REMOVABLE_DEVICE is set in the flags returned by
C_GetSlotInfo. Default is false.
Allows to enable and disable any of the PKCS#11 mechanisms reported in the
C_GetMechanismList(). The option accepts string argument containing the comma
separated list of all algorithms that should be enabled (do not forget about
the keygen mechanisms). The list can be prefixed with minus sign "-"
to list only the disabled mechanisms. Additionally, special keyword ALL can be
used to enable all the known mechanisms (default). Unknown mechanisms are
ignored. This option has higher priority than the CKA_ALLOWED_MECHANISMS
attribute on the key objects.
If set to true, the library will reset the state on fork. Default is false.
library.reset_on_fork = true
- When defined, the value will be used as path to the configuration
- default user-specific location of the SoftHSM configuration file; if it
exists it will override the system wide configuration
- default system-wide location of the SoftHSM configuration file
- an example of a SoftHSM configuration file
Written by Rickard Bellgrim, Francis Dupont, René Post, and Roland van