Skip to main content
Version: 8.2511.x.x RR

Appendix F - The PKCS#11 Cryptoki Trace Wrapper

The library navajo_pkcs11_wrapper_so can be configured to trace all HSM-function calls. It can be useful to see what happens if some problem occurs. The library navajo_pkcs11_wrapper_so can be used like this:

Replace the configured pkcs11 library with the navajo_pkcs11_wrapper_so library.
For example with Securosys replace in the file /usr/local/primus/conf/openssl.cnf, the line:

pkcs11-module-path = /usr/local/primus/lib/libprimusP11.so

with

pkcs11-module-path = /opt/nevisproxy/lib/libnavajo_pkcs11_wrapper_so.so.1

Configure the tracegroup NavajoPkcs11 to 4 and add the bc-property ch.nevis.navajo.pkcs11.library setting it to the library which was configured originally:

ch.nevis.navajo.pkcs11.library=/usr/local/primus/lib/libprimusP11.so
BC.Tracer.DebugProfile.NavajoPkcs11=4

Restart the proxy and in the log you should see entries like this one:

2025 07 21 10:46:14.264 isi3web    NavajoPkcs 1938530.140712733613184 9-DBG_HI:  C_Initialize (pInitArgs=0x7fff0479b460) {
2025 07 21 10:46:14.940 isi3web    NavajoPkcs 1938530.140712733613184 9-DBG_HI:  } = 0
2025 07 21 10:46:14.941 isi3web    NavajoPkcs 1938530.140712733613184 9-DBG_HI:  C_GetInfo () {
2025 07 21 10:46:14.941 isi3web    NavajoPkcs 1938530.140712733613184 9-DBG_HI:  } = 0
2025 07 21 10:46:14.941 isi3web    NavajoPkcs 1938530.140712733613184 9-DBG_HI:  C_GetSlotList (tokenPresent=false, pSlotList= (nil), pulCount=0x7fff0479b2f8) {
2025 07 21 10:46:14.942 isi3web    NavajoPkcs 1938530.140712733613184 9-DBG_HI:  } = 0
2025 07 21 10:46:14.942 isi3web    NavajoPkcs 1938530.140712733613184 9-DBG_HI:  C_GetSlotList (tokenPresent=false, pSlotList= 0x55f0294f5f30, pulCount=0x7fff0479b2f8) {
2025 07 21 10:46:14.943 isi3web    NavajoPkcs 1938530.140712733613184 9-DBG_HI:  } = 0
...