Key pairs for this instance will be generated and stored on a device called a security module.
A key pair consists of a public key and a private key. A private key is a secret entity which is never exposed to the public, will generally be protected via a security module, and is commonly referred to simply as the key. A public key is open, distributable, and while it may also be stored on a security module, it is not protected by this device. A public key, once signed by a CA, is more generally referred to as a certificate.
Security modules can be either hardware-based or software-based. Although hardware-based security modules provide more security for the secret, or private portion of this key, they must be obtained from a third-party vendor and installed prior to deployment of this PKI solution. For this particular PKI implementation, a software-based FIPS 140-1 security module has been included.
Before any security module solution can be used, a user must first always be authenticated to this security module via a token. To support this, each security module consists of one or more slots. For hardware-based security modules, a slot often consists of one or more physical contact points to the device itself (e.g. - a card reader or USB receptacle), while for software-based security modules, these may be thought of as merely a functional entry point into the software.
Finally, a token (often generically referred to as a smartcard), which contains the actual key material, interfaces with the security module via a slot. For hardware-based security modules, this may be something like a physical card containing a chip, or a USB device that can be physically inserted into a USB slot. For software-based security modules, this can be thought of as an entry in a database. In the case of both hardware-based as well as software-based security modules, a password is the most commonly used method to complete this authentication.
Since a security module may consist of slots for one or more tokens, the user must be successfully authenticated to each token of the chosen security module before this configuration can continue.

Module/Token	Status	Default	Operations
$module.getUserFriendlyName()	#if ($module.isFound()) Found #else Not Found #end
- $token.getNickName()	#if ($token.isPresent() && $token.isLoggedIn()) Logged In #else Not logged In #end	#if ($token.isPresent() && $token.isLoggedIn()) #if ($defTok == $token.getNickName()) #else #end #end	#if ($token.isPresent() && !$token.isLoggedIn()) Login #end

Module/Token	Status	Default	Operations
$module.getUserFriendlyName()	#if ($module.isFound()) Found #else Not Found #end
- $token.getNickName()	#if ($token.isPresent() && $token.isLoggedIn()) Logged In #else Not logged In #end	#if ($defTok == $token.getNickName()) #else #end	#if ($token.isPresent() && !$token.isLoggedIn()) Login #end

Supported Security Modules

Other Security Modules