Introduction to p11-kit

The p11-kit package provides a way to load and enumerate PKCS #11 (a Cryptographic Token Interface Standard) modules.

This package is known to build and work properly using an LFS-8.0 platform.

Package Information

p11-kit Dependencies



NSS-3.29, GTK-Doc-1.25 and libxslt-1.1.29

User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/p11-kit

Installation of p11-kit

Install p11-kit by running the following commands:

./configure --prefix=/usr     \
            --sysconfdir=/etc \
            --with-trust-paths=/etc/pki/anchors &&

To test the results, issue: make check.

Now, as the root user:

make install

Command Explanations

--with-trust-paths=/etc/pki/anchors: this switch sets the location of trusted certificates used by libp11-kit.so.

--with-hash-impl=freebl: Use this switch if you want to use the Freebl library from NSS for SHA1 and MD5 hashing.

--enable-doc: Use this switch if you have installed GTK-Doc-1.25 and libxslt-1.1.29 and wish to rebuild the documentation and generate manual pages.

Configuring p11-kit

If NSS-3.29 is installed, /usr/lib/libp11-kit.so can be used as a drop-in replacement for /usr/lib/libnssckbi.so to transparently make the system CAs available to NSS aware applications, rather than the static list provided by /usr/lib/libnssckbi.so. As the root user, execute the following commands:

readlink /usr/lib/libnssckbi.so || \
mv -v /usr/lib/libnssckbi.so /usr/lib/libnssckbi.so.orig &&
ln -sfv libp11-kit.so /usr/lib/libnssckbi.so


Installed Program: p11-kit and trust
Installed Libraries: libp11-kit.so and p11-kit-proxy.so
Installed Directories: /etc/pkcs11, /usr/include/p11-kit-1, /usr/lib/{p11-kit,pkcs11}, /usr/share/gtk-doc/html/p11-kit, and /usr/share/p11-kit

Short Descriptions


is a command line tool that can be used to perform operations on PKCS#11 modules configured on the system.


is a command line tool to examine and modify the shared trust policy store.


contains functions used to coordinate initialization and finalization of any PKCS#11 module.


is the PKCS#11 proxy module.

Last updated on 2017-02-14 22:04:32 -0800