In PKCS#11 you need tokens in order to do cryptographic operations. Tokens can be viewed as object stores where you can store e.g. private and public keys. A token must then be attached to a slot so that you can use it.

Slots and tokens are handled by the SoftHSM configuration file. The given paths in the configuration file are just an indication to SoftHSM on where it should store the information for each token. The token databases will be created when the tokens gets initialized.


Each pair of slot and token are configured on one line. Starting with an unsigned integer as the slot ID and then a path where SoftHSM can create a SQLite database. These parameters are separated by a semicolon. It is OK to have extra space between the parameters, since these will be ignored.


It is also possible to add comments in the file by using the hash sign. Anything after the hash sign will be ignored.


Any line that does not have the correct format will be ignored.



1:/home/user/token.database                # My own token



When defined, the value will be used as path to the configuration file.



default location of the SoftHSM configuration file


an example of a SoftHSM configuration file


Written by Rickard Bellgrim.

RELATED TO softhsm.conf…