PKCS #11 library - AWS CloudHSM

PKCS #11 library

When you use the PKCS #11 library, your application runs as a particular crypto user (CU) in your HSMs. Your application can view and manage only the keys that the CU owns and shares. You can use an existing CU in your HSMs or create a new CU for your application. For information on managing CUs, see Managing HSM users with CloudHSM CLI and Managing HSM users with CloudHSM Management Utility (CMU)

To specify the CU to PKCS #11 library, use the pin parameter of the PKCS #11 C_Login function. For AWS CloudHSM, the pin parameter has the following format:

<CU_user_name>:<password>

For example, the following command sets the PKCS #11 library pin to the CU with user name CryptoUser and password CUPassword123!.

CryptoUser:CUPassword123!