Installation
Supported Platforms
-
Linux
- RHEL 9/8/7 x64, CentOS (8)/7 x64, Oracle Linux 9/8/7 x64
- Ubuntu 24/22/20/18/16 x64
- Debian 12/11/10/9/8 x64
- SUSE Linux Enterprise Server SLES15/12 (x64)
- other OS available upon request
tip
Many other Linux distributions may work correctly, provided the GLIBC libraries are compatible (e.g. Rocky Linux).
Have a try using the PrimusAPI_PKCS11-X-2.x.y-rhel8-x86_64.tar.gz archive and follow the instructions under 'Linux – Manual Installation'.
-
Microsoft Windows
- Windows 7 x64/x32 or newer
- Windows Server 2012R2 or newer
Library Requirements
-
Linux (GLIBC/GLIBCXX): latest gcc-runtime and g++ runtime libraries of the distribution
-
Windows: Visual C++ Redistributable Packages for Visual Studio 2015
Packages
The following table shows which package is to be used for the different OS platforms:
| Package | for Platform (all 64-bit except Win32) |
|---|---|
| PrimusAPI_PKCS11-X-2.x.y-debian10-aarch64.deb | Ubuntu 22/20, Debian 11/10 (ARM-64) |
| PrimusAPI_PKCS11-X-2.x.y-debian10-x86_64.deb | Ubuntu 22/20, Debian 11/10 (x86_64) |
| PrimusAPI_PKCS11-X-2.x.y-rhel7-aarch64.rpm | RHEL/CentOS 7 (ARM-64) |
| PrimusAPI_PKCS11-X-2.x.y-rhel7-x86_64.rpm | RHEL/CentOS 7 (x86_64) |
| PrimusAPI_PKCS11-X-2.x.y-rhel8-aarch64.rpm | RHEL/CentOS 8 (ARM-64) |
| PrimusAPI_PKCS11-X-2.x.y-rhel8-x86_64.rpm | RHEL/CentOS 8 (x86_64) |
| PrimusAPI_PKCS11-X-2.x.y-rhel7-aarch64.tar.gz | RHEL/CentOS 7, Ubuntu 16, Debian 8, SLES12 (ARM-64) |
| PrimusAPI_PKCS11-X-2.x.y-rhel7-x86_64.tar.gz | RHEL/CentOS 7, Ubuntu 16, Debian 8, SLES12 (x86_64) |
| PrimusAPI_PKCS11-X-2.x.y-rhel8-aarch64.tar.gz | RHEL/CentOS 8, Ubuntu 22/20/18, Debian 11/10/9, SLES15 or newer (ARM-64) |
| PrimusAPI_PKCS11-X-2.x.y-rhel8-x86_64.tar.gz | RHEL/CentOS 8, Ubuntu 22/20/18, Debian 11/10/9, SLES15 or newer (x86_64) |
| PrimusAPI_PKCS11-X-2.x.y-win64.msi | Windows 7 and newer, Windows Server 2012R2 and newer |
| PrimusAPI_PKCS11-X-2.x.y-win32.msi | Windows 7 and Windows Server 2012R2 and newer |
Installation
- Linux - Package Manager
- Linux - Manual Installation
- Linux - Manual Upgrade
- Windows - Installation
Linux - Package Manager
Choose the package that fits your distribution and architecture. Then use the system's package manager to install it.
RHEL/CentOS
rpm install ./PrimusAPI_PKCS11-X-*.rpm
Ubuntu/Debian
apt install ./PrimusAPI_PKCS11-X-*.deb
If the configuration files in /etc/primus exist and they are different from the ones shipped with the package, the package manager will ask you if you want to keep your current configuration.
The $PRIMUS_HOME is located at /usr/local/primus. The ppin tool
and the test scripts can be found in $PRIMUS_HOME/bin.
The installer created a group primus. Add all users using the PKCS#11 provider to this group primus (sudo usermod -a -G primus user).
Note: Adding a user to a new group may require logout/login or reboot to update permissions. (as temporary workaround you may use newgrp primus or sudo login -f <user>)
While setting up the provider you need to access the ppin tool and
the test scripts (possibly multiple times). Typing the full path to
the tool can be tedious. You can avoid this by adding the
$PRIMUS_HOME/bin directory to your PATH variable.
export PRIMUS_HOME=/usr/local/primus
export PATH=$PRIMUS_HOME/bin:$PATH
The above export statements are only valid for the current shell. Assign the variables at startup to the necessary user(s), which varies depending on used shell and operating system.
Linux - Manual Installation
For updating an existing provider, change the tab to "Linux - Manual Upgrade"
-
Extract
PrimusAPI_PKCS11-version-platform.tar.gzfile with privileged user to/usr/local/. All the files will be extracted to the subdirectory./primus. Further documentation assumes the provider in/usr/local/primus/. If installed to another location adapt environment variables etc. accordingly. -
Add a group and system user
primus; assign all files to user and group primus (recursive); remove rights for others; add all users using the PKCS#11 provider to the group primus (sudo usermod -a -G primus user). -
Add
/usr/local/primus/binto search PATH and/usr/local/primus/libto LD_LIBRARY_PATH.
sudo tar -xvzf PrimusAPI_PKCS11-version-platform.tar.gz -C /usr/local/
sudo groupadd primus
sudo useradd --no-create-home --system primus --gid primus
sudo chown -R primus:primus /usr/local/primus
sudo chmod -R o-rwxst /usr/local/primus
sudo usermod -a -G primus user
export PRIMUS_HOME=/usr/local/primus
export PATH=$PRIMUS_HOME/bin:$PATH
export LD_LIBRARY_PATH=$PRIMUS_HOME/lib:$LD_LIBRARY_PATH
Note:
-
Adding a user to a new group may require logout/login or reboot to update permissions. (as temporary workaround you may use
newgrp primusorsudo login -f <user>) -
The above export statements are only valid for the current shell. Assign the variables at startup to the necessary user(s), which varies depending on used shell and operating system.
For first time installations, copy the original configuration
files from /usr/local/primus/etc to /etc/primus so they don't get
overwritten by further updates:
sudo mkdir /etc/primus
sudo cp -vp /usr/local/primus/etc/primus.cfg /etc/primus/
sudo cp -vp /usr/local/primus/etc/.secrets.cfg /etc/primus/
The following table lists the default installation directory structure and their content:
| Installation Directory | Files |
|---|---|
| /usr/local/primus | PRIMUS_HOME, Primus home directory |
| /usr/local/primus/bin | ppin (Primus permanent PIN utility) |
| /usr/local/primus/lib | libprimusP11.so (PKCS#11 Provider) |
| /usr/local/primus/etc | primus.cfg configuration and .secrets.cfg file templates |
| /usr/local/primus/include | PKCS#11 header files for integrations |
Linux - Manual Upgrade
In case your active configuration is still located under
/usr/local/primus/etc/ you should move it to /etc/primus/ as an
upgrade may overwrite configuration files within the folder
/usr/local/primus/etc/ (revisit the tab "Linux - Fresh Provider Installation")
- (Re)move the current folder
/usr/local/primus - Extract
PrimusAPI_PKCS11-version-platform.tar.gzfile with a privileged user to/usr/local/primus - Assign all files recursively to the previously defined group and user (default: primus:primus) and remove rights for others
- The commands have to be adjusted in case you are using a different user group or installed the provider at a different location
sudo mv -v /usr/local/primus /usr/local/primus.backup
sudo tar -xvzf PrimusAPI_PKCS11-version-platform.tar.gz -C /usr/local/
sudo chown -R primus:primus /usr/local/primus
sudo chmod -R o-rwxst /usr/local/primus
Windows - Installation
Installing PrimusAPI_PKCS11-version-platform.msi, requires admin
privileges to install the required files and registry entries.
Backup any active configuration files primus.cfg and .secrets.cfg
before updating as they will be overwritten!
Install the provider by double-clicking the PrimusAPI_PKCS11-2.x.y-win64.msi file or via Active Directory group policy. If desired, add the program location (%ProgramFiles%\Securosys\Primus P11) to the PATH environment variable. The following table lists the default installation directory structure and their content:
| Installation Directory | Files |
|---|---|
| C:\Program Files\Securosys\Primus P11 | PRIMUS_HOME, Primus directory |
| %PRIMUS_HOME%\primusP11.dll | PKCS#11 x64 interface |
| %PRIMUS_HOME%\primusP11.lib | PKCS#11 x64 library |
| %PRIMUS_HOME%\primus.cfg | PKCS#11 configuration file |
| %PRIMUS_HOME%\.secrets.cfg | PKCS#11 secrets file |
| %PRIMUS_HOME%\ppin.exe | Primus permanent PIN utility ppin |
| C:\Program Files\Securosys\Primus P11\include | PKCS#11 header files for integrations |