PKCS#11 Tracer getting started guide
This guide explains how to use the SandboxAQ PKCS#11 Tracer to obtain a cryptography trace from a PKCS#11 application.
Prerequisites
Before using the PKCS#11 Tracer, make sure you’ve followed the installation instructions.
You’ll also need a PKCS#11 application that you can run in a terminal.
Tracing the application
To trace an application:
First, configure the application to use the PKCS#11 Tracer DLL (pkcs11_tracer.so) instead of its original DLL.
Next, configure the PKCS#11 Tracer to redirect PKCS#11 calls to the original DLL with the CS_DLL_TARGET environment variable:
Navigate to a directory where you have write permissions and configure it to receive the generated traces:
Lastly, run the application from the command line:
When your application has finished executing, the directory you chose earlier will contain the generated trace and log file(s):
/path/to/trace/output/directory
├── trace_2022-06-08-15-32-30-693-17920.cst.gz
└── log_2022-06-08-15-32-30-693-17920.log
Note
If the traced application is terminated abruptly, the resulting gzip file may be missing a trailer and appear to be corrupted. However, AQtive Guard should still be able to analyze the contents of the trace.
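A gzip-layer check for the situation in the note above, as an added example that is not part of the SandboxAQ documentation or tooling: it inflates as much of a trace file as possible and reports whether the stream ended with a verified trailer. It only inspects the gzip container and assumes a single-member file; the function names are hypothetical and the sample bytes are constructed.

```python
import gzip
import zlib


def recover_gzip(data: bytes, chunk_size: int = 64 * 1024):
    """Inflate as much of a gzip stream as possible.

    Returns (recovered, complete). `complete` is True only if zlib reached
    the end of the stream and verified the 8-byte CRC32/length trailer.
    """
    # 16 + MAX_WBITS tells zlib to expect a gzip header and trailer.
    inflater = zlib.decompressobj(16 + zlib.MAX_WBITS)
    recovered = bytearray()
    try:
        for offset in range(0, len(data), chunk_size):
            recovered += inflater.decompress(data[offset:offset + chunk_size])
    except zlib.error:
        # Real corruption (bad header, bad block, CRC mismatch), not just truncation.
        return bytes(recovered), False
    return bytes(recovered), inflater.eof


def constructed_sample() -> bytes:
    """Constructed stand-in for trace contents; not the real .cst format."""
    return b"".join(b"constructed trace record %d\n" % i for i in range(2000))


if __name__ == "__main__":
    payload = constructed_sample()
    whole = gzip.compress(payload)
    cases = {
        "clean exit": whole,
        "trailer missing": whole[:-8],  # process killed before the trailer
        "cut mid-stream": whole[: len(whole) // 2],
    }
    for name, blob in cases.items():
        data, complete = recover_gzip(blob)
        print(f"{name}: recovered {len(data)}/{len(payload)} bytes, complete={complete}")
```

A result of `complete=False` with no exception means the file was truncated rather than damaged, which is the case the note describes.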
Upload the trace to AQtive Guard to run an analysis and generate a report. Refer to these instructions:
- Web Interface - Uploading a new trace
- API - Upload a trace using the API Client
Refer to Configuration in the PKCS#11 Tracer reference for a list of available parameters.