1.0 Introduction
Fortanix Data Security Manager (DSM), in conjunction with DSM Accelerator, provides a comprehensive application encryption and tokenization service with high throughput and low latency.
Fortanix DSM allows you to securely generate, store, and use cryptographic keys and certificates, as well as secrets, such as passwords, API keys, tokens, or any blob of data.
This article describes the Fortanix DSM Accelerator PKCS#11 deployment steps.
2.0 Supported Operating Systems
For information on the DSM Accelerator PKCS#11 supported operating systems, refer to DSM Accelerator - Compatibility Matrix.
3.0 Installation
The RPM and DEB installer copies the Fortanix DSM Accelerator PKCS#11 shared object file (library) to /opt/fortanix/pkcs11/fortanix_accelerator_pkcs11.so.
Download the latest .so file and use it directly from here.
For more information on installation and configuration, refer to PKCS#11 Library.
4.0 Deployment Process
The Fortanix DSM Accelerator PKCS#11 is deployed locally on the application client machine.
The Fortanix DSM Accelerator client authenticates with Fortanix DSM using an API key.
Applications call crypto functions such as C_Encrypt, C_Decrypt, and so on in the PKCS#11 DSM Accelerator library to perform cryptographic operations.
When a key is used for the first time, it is fetched from Fortanix DSM and then gets cached in the DSM Accelerator cache memory.
For subsequent calls, the cached key is used.
The key stays cached until either the application that uses Fortanix DSM Accelerator or the host where DSM Accelerator is running is restarted.
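Because the library runs on the application client machine and caches fetched keys there, the installed module and its directory should not be writable by unprivileged users. The pre-flight check below is an added example, not Fortanix code; the function name check_pkcs11_module, the expectation of root ownership, and the use of GNU stat are assumptions.

```shell
#!/bin/sh
# Pre-flight integrity check for a PKCS#11 module before an application loads it.
# Path taken from the Installation section of this page.
MODULE=/opt/fortanix/pkcs11/fortanix_accelerator_pkcs11.so

# check_pkcs11_module PATH [EXPECTED_UID]   (hypothetical helper name)
# Prints one line per finding; returns 0 only when every check passes.
# EXPECTED_UID defaults to 0 (root), an assumption about how the package installs.
check_pkcs11_module() {
    mod=$1
    want_uid=${2:-0}
    rc=0

    # Refuse symlinks and anything that is not a regular file.
    if [ -L "$mod" ] || [ ! -f "$mod" ]; then
        echo "FAIL: $mod is missing, a symlink, or not a regular file"
        return 1
    fi

    # A shared object must start with the ELF magic bytes 7f 45 4c 46.
    magic=$(head -c 4 "$mod" | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "7f454c46" ] || { echo "FAIL: $mod is not an ELF file"; rc=1; }

    # The module and its directory must not be writable by group or others
    # and must belong to the expected owner (GNU stat syntax).
    for p in "$mod" "$(dirname "$mod")"; do
        mode=$(stat -c %a "$p")
        uid=$(stat -c %u "$p")
        [ $((0$mode & 022)) -eq 0 ] || { echo "FAIL: $p is group/world-writable ($mode)"; rc=1; }
        [ "$uid" = "$want_uid" ] || { echo "FAIL: $p is owned by uid $uid, expected $want_uid"; rc=1; }
    done

    [ "$rc" -eq 0 ] && echo "OK: $mod"
    return "$rc"
}

# Run against the installed module when it is present on this host.
if [ -e "$MODULE" ]; then
    check_pkcs11_module "$MODULE" || echo "Do not load $MODULE until the findings are resolved"
fi
```

Run it after each package install or upgrade, and before pointing an application at a manually downloaded .so file.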
5.0 Additional References
For information on Fortanix DSM Accelerator PKCS#11 configurations and supported features, refer to the DSM Accelerator PKCS#11 Developer Guide.
For information about the Fortanix DSM Accelerator, refer to DSM Accelerator-Concepts.