--- title: PKCS#11 Key Manager Provider description: The PKCS#11 Key Manager Provider enables the server to access the private key information through the PKCS11 interface. component: pingds version: 8.1 page_id: pingds:configref:objects-pkcs11-key-manager-provider canonical_url: https://docs.pingidentity.com/pingds/8.1/configref/objects-pkcs11-key-manager-provider.html section_ids: parent: Parent pkcs11_key_manager_provider_properties: PKCS#11 Key Manager Provider properties basic_properties: Basic properties enabled: enabled key-store-pin: key-store-pin key-store-type: key-store-type pkcs11-provider-arg: pkcs11-provider-arg pkcs11-provider-name: pkcs11-provider-name advanced_properties: Advanced properties java-class: java-class pkcs11-provider-class: pkcs11-provider-class --- # PKCS#11 Key Manager Provider The PKCS#11 Key Manager Provider enables the server to access the private key information through the PKCS11 interface. This standard interface is used by cryptographic accelerators and hardware security modules. ## Parent The PKCS#11 Key Manager Provider object inherits from [Key Manager Provider](objects-key-manager-provider.html). ## PKCS#11 Key Manager Provider properties You can use configuration expressions to set property values at startup time. For details, see [Property value substitution](expressions.html). | Basic Properties | Advanced Properties | | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------- | | [enabled](#enabled) [key-store-pin](#key-store-pin) [key-store-type](#key-store-type) [pkcs11-provider-arg](#pkcs11-provider-arg) [pkcs11-provider-name](#pkcs11-provider-name) | [java-class](#java-class) [pkcs11-provider-class](#pkcs11-provider-class) | ### Basic properties Use the `--advanced` option to access advanced properties. ### enabled | | | | ----------------------- | -------------------------------------------------------------- | | *Synopsis* | Indicates whether the Key Manager Provider is enabled for use. | | *Default value* | None | | *Allowed values* | truefalse | | *Multi-valued* | No | | *Required* | Yes | | *Admin action required* | None | | *Advanced* | No | | *Read-only* | No | ### key-store-pin | | | | ----------------------- | -------------------------------------------------------------------------------------------------------------- | | *Synopsis* | Specifies the clear-text PIN needed to access the PKCS#11 Key Manager Provider . | | *Default value* | None | | *Allowed values* | A string. | | *Multi-valued* | No | | *Required* | No | | *Admin action required* | NoneChanges to this property will take effect the next time that the PKCS#11 Key Manager Provider is accessed. | | *Advanced* | No | | *Read-only* | No | ### key-store-type | | | | ----------------------- | ------------------------------------------------------------------------ | | *Synopsis* | The type of the PKCS#11 key manager. | | *Description* | 1. If no type is specified, the default value of "PKCS11" will be used. | | *Default value* | PKCS11 | | *Allowed values* | Any PKCS#11 key store format supported by this Java runtime environment. | | *Multi-valued* | No | | *Required* | No | | *Admin action required* | Restart the server for changes to take effect. | | *Advanced* | No | | *Read-only* | No | ### pkcs11-provider-arg | | | | ----------------------- | --------------------------------------------------------------------------------------------------------------------- | | *Synopsis* | The argument passed to configure the PKCS#11 provider. | | *Description* | The provider argument is often a path to a properties file which contains the detailed configuration of the provider. | | *Default value* | None | | *Allowed values* | A string. | | *Multi-valued* | No | | *Required* | No | | *Admin action required* | None | | *Advanced* | No | | *Read-only* | No | ### pkcs11-provider-name | | | | ----------------------- | --------------------------------------------------------------------------------------------------------------------- | | *Synopsis* | The name of the PKCS#11 provider. | | *Description* | The provider name is usually the name used in the java.security file's "security.provider" list, such as "SunPKCS11". | | *Default value* | None | | *Allowed values* | A string. | | *Multi-valued* | No | | *Required* | No | | *Admin action required* | None | | *Advanced* | No | | *Read-only* | No | ## Advanced properties Use the `--advanced` option to access advanced properties. ### java-class | | | | ----------------------- | --------------------------------------------------------------------------------------------------------- | | *Synopsis* | The fully-qualified name of the Java class that provides the PKCS#11 Key Manager Provider implementation. | | *Default value* | org.opends.server.extensions.PKCS11KeyManagerProvider | | *Allowed values* | A Java class that extends or implements:- org.opends.server.api.KeyManagerProvider | | *Multi-valued* | No | | *Required* | Yes | | *Admin action required* | The object must be disabled and re-enabled for changes to take effect. | | *Advanced* | Yes | | *Read-only* | No | ### pkcs11-provider-class | | | | ----------------------- | ----------------------------------------------------------------------------------------------- | | *Synopsis* | The class of the PKCS#11 provider. | | *Description* | The main Java class implementing the PKCS#11 provider, such as "sun.security.pkcs11.SunPKCS11". | | *Default value* | None | | *Allowed values* | A string. | | *Multi-valued* | No | | *Required* | No | | *Admin action required* | None | | *Advanced* | Yes | | *Read-only* | No |