softhsm2-migrate migrates token databases from SoftHSM v1 to SoftHSM v2 via the PKCS#11 interface. By default it targets libsofthsm2, but any PKCS#11 library can be used via --module.
softhsm2-migrate is only available when SoftHSM v2 is built with SQLite3 support (./configure --with-migrate). The SoftHSM v1 database is a SQLite3 file whose location is defined in the v1 configuration file.Options
Path to the SoftHSM v1 SQLite3 database file that will be migrated. The location of this file is specified in the SoftHSM v1 configuration.
Migrate objects into the SoftHSM v2 token whose label matches
label. Use this or --slot or --serial to identify the destination token.Migrate objects into the token at the specified slot number.
Migrate objects into the token whose serial number matches
number.The user PIN for the destination SoftHSM v2 token. Required when migrating private key objects.
Do not migrate public key objects. Only private keys and other objects are imported into the v2 token.
Use an alternative PKCS#11 library instead of the default SoftHSM v2 library.
Show the help screen.
Show version info.
Example
Migrate a v1 database into an existing v2 token namedmytoken:
Migration workflow
Locate the SoftHSM v1 database
Find the database path in your SoftHSM v1 configuration file (typically
/etc/softhsm/softhsm.conf). Look for the directories.tokendir or 0: token entry.See also
softhsm2-util— token management and key importsofthsm2-keyconv— key format conversionsofthsm2.conf(5)— SoftHSM v2 configuration reference