![]() ![]() ![]() |
Requirements for the PKCS #11 Modules
The use of PKCS #11 with SSH Tectia Certifier requires the following from a PKCS #11 implementation:
- The device has to support RSA.
- All RSA key pairs in the device must have the
CKA_ID
attribute. The corresponding public and private keys must have the sameCKA_ID
value. TheCKA_ID
attribute is only a recommendation in PKCS #11, but the attribute is required by SSH Tectia Certifier. The Eracom and nCipher devices have been tested to work as recommended.


