
Vault Entropy Augmentation

Qrypt edited this page Sep 15, 2022 · 3 revisions

Once you've built qryptoki, this page will help you connect it to a Vault cluster for Entropy Augmentation.

(For information on HashiCorp's Vault and its Enterprise version, check out their website. You can read about its Entropy Augmentation feature here.)

Requirements (beyond those of qryptoki)

  • An installed Vault Enterprise + HSM binary with an active or trial license

Step 1: Build and Install qryptoki

Follow the instructions in this project's README (including the linked Requirements Setup) to install qryptoki.

Step 2: Initialize a qryptoki token

PKCS#11 defines a token as the logical view of a cryptographic device. Initializing a token...

  • provides a slot number for you to connect to the device and
  • sets the PIN and label.

If you know how to initialize a token for your base HSM, go ahead and do that! It's equivalent to initializing a token for qryptoki, since qryptoki doesn't store any per-token information.

Otherwise, use the mini-softhsm2-util helper tool explained in the README.

Step 3: Configure Vault for Entropy Augmentation

Follow the steps from Vault's Entropy Augmentation tutorial.

In particular, set the following parameters in the entropy stanza:

  • lib ("/path/to/Qrypt-PKCS-11/package/lib/libqryptoki.so")
  • slot OR token_label (from Step 2)
  • pin (user PIN from Step 2)
  • key_label (anything)
  • hmac_key_label (anything)
  • generate_key (true)
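As an added, end-to-end example (not code from the qryptoki project or from Vault's tutorial), the script below takes the slot listing of a PKCS#11 module, finds the decimal slot ID behind the token label set in Step 2, and renders the Vault configuration for Step 3. Note that lib, slot/token_label, pin, key_label, hmac_key_label and generate_key are parameters of the seal "pkcs11" stanza; the separate entropy "seal" stanza with mode = "augmentation" is what points Vault's entropy source at that seal. The token label vault-eqa, the user PIN 1234, the two key labels and the use of OpenSC's pkcs11-tool to list slots are assumptions; the sample --list-slots output is constructed so the script runs offline.

```shell
#!/bin/sh
# Added example, not part of the qryptoki project or Vault's tutorial.
# Assumed placeholders: token label "vault-eqa", user PIN "1234", the key labels,
# and OpenSC's `pkcs11-tool` as the tool used to list slots on a live host.
set -eu

# Constructed sample of `pkcs11-tool --module <lib> --list-slots` output so the
# script runs offline; on a real host pipe the live command's output instead.
SAMPLE_LIST_SLOTS='Available slots:
Slot 0 (0x1a2b): SoftHSM slot ID 0x1a2b
  token label        : vault-eqa
  token manufacturer : SoftHSM project
  token model        : SoftHSM v2
Slot 1 (0x2): SoftHSM slot ID 0x2
  token state:   uninitialized'

# slot_for_label LABEL   (reads --list-slots output on stdin)
# Prints the decimal slot ID of the token carrying LABEL; returns 1 if absent.
# Vault's `slot` parameter wants this ID, not the "Slot N" index in the listing.
slot_for_label() {
  want="$1"
  hex=$(awk -v want="$want" '
    /^Slot [0-9]+ \(0x[0-9a-fA-F]+\)/ {
      id = $3; sub(/^\(/, "", id); sub(/\).*$/, "", id)   # keep "0x1a2b"
    }
    /^ *token label *:/ {
      sub(/^[^:]*: */, ""); if ($0 == want) { print id; exit }
    }')
  [ -n "$hex" ] || return 1
  echo $((hex))   # hex -> decimal, as Vault expects
}

# render_vault_config LIB SLOT PIN
# Prints the two stanzas Vault Enterprise needs: `seal "pkcs11"` pointing at
# qryptoki, and `entropy "seal"` telling Vault to draw entropy through that seal.
render_vault_config() {
  lib="$1"; slot="$2"; pin="$3"
  cat <<EOF
entropy "seal" {
  mode = "augmentation"
}

seal "pkcs11" {
  lib            = "$lib"
  slot           = "$slot"
  pin            = "$pin"
  key_label      = "vault-hsm-key"
  hmac_key_label = "vault-hsm-hmac-key"
  generate_key   = "true"
}
EOF
}

# Stand-alone run against the constructed sample. Live equivalent:
#   pkcs11-tool --module "$LIB" --list-slots | slot_for_label vault-eqa
LIB="/path/to/Qrypt-PKCS-11/package/lib/libqryptoki.so"
SLOT=$(printf '%s\n' "$SAMPLE_LIST_SLOTS" | slot_for_label "vault-eqa")
render_vault_config "$LIB" "$SLOT" "1234"
```

Vault also accepts token_label in place of slot, and each of these values can be supplied through the matching VAULT_HSM_* environment variable (for example VAULT_HSM_PIN) instead of the config file, which keeps the user PIN out of files checked into configuration management.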