Skip to content

PKCS#11 Tracer getting started

On this page we will show you how to use the SandboxAQ Security Suite PKCS#11 Tracer to obtain a cryptography trace from a PKCS#11 application.


Before you use the PKCS#11 Tracer, make sure you have followed the installation instructions.

You will also need a PKCS#11 application that you know how to start from a command line terminal.

Tracing the application

To trace an application:

  • Configure the application to use the tracer DLL ( instead of its original DLL.
  • Configure the tracer to redirect PKCS#11 calls to the original DLL with the CS_DLL_TARGET environment variable.
Text Only
export CS_DLL_TARGET=/path/to/real/dll
  • Choose a directory where the application has write access and configure it to receive the traces generated.
Text Only
export CS_OUTPUT_DIR=/path/to/trace/output/directory

And run the application from the command line:

Text Only

Once the application finishes executing, a trace and log files will be produced in the output directory:

Text Only
├── trace_2022-06-08-15-32-30-693-17920.cst.gz
└── log_2022-06-08-15-32-30-693-17920.log

Refer to the API Client manual for instructions for uploading a trace.

See Configuration in the PKCS#11 Tracer reference manual for a list of all available parameters and how to use them.