This section describes the requirements to develop the four types of applications that can plug into the Cryptographic Framework.
To develop a user-level consumer, do all of the following:
Include<security/cryptoki.h>.
Make all calls through the PKCS #11 interfaces only.
Link withlibpkcs11.so.
Libraries should not call theC_Finalize() function.
SeeWriting User-Level Cryptographic Applications for more information.
To develop a user-level provider, a developer needs to keep the following items in mind:
Design the provider to stand alone. Although the provider shared object need not be a full-fledged library to which applications link, all necessary symbols must exist in the provider. Assume that the provider is to be opened bydlopen(3C) inRTLD_LAZY mode.
Create a PKCS #11 Cryptoki implementation in a shared object. This shared object should include necessary symbols rather than depend on consumer applications.
It is highly recommended though not required to provide a_fini() routine for data cleanup. This method is required to avoid collisions betweenC_Finalize() calls when an application or shared library loadslibpkcs11 and other provider libraries concurrently.
Package the shared object according to Oracle conventions.