
SoftHSM is an implementation of a cryptographic store accessible through a PKCS #11 interface. You can use it to explore PKCS #11 without having a Hardware Security Module. It is being developed as a part of the OpenDNSSEC project. SoftHSM uses Botan for its cryptographic operations.

Background

OpenDNSSEC handles and stores its cryptographic keys via the PKCS #11 interface. This interface specifies how to communicate with cryptographic devices such as HSMs (Hardware Security Modules) and smart cards. The purpose of these devices is, among other things, to generate cryptographic keys and sign information without revealing private-key material to the outside world. They are often designed to perform well on these specific tasks compared to ordinary processes in a normal computer.

A potential problem with the use of the PKCS #11 interface is that it might limit the widespread use of OpenDNSSEC, since a potential user might not be willing to invest in a new hardware device. To counter this effect, OpenDNSSEC provides a software implementation of a generic cryptographic device with a PKCS #11 interface, the SoftHSM. SoftHSM is designed to meet the requirements of OpenDNSSEC, but can also work together with other cryptographic products because of the PKCS #11 interface.

Download

Release:

SVN repository (Read the README.svn):

  svn co http://svn.opendnssec.se/trunk/softHSM/ 

Bug report

  • Please mail to: rickard.bellgrim (a) iis.se
    Describe the error and in what context it happened.

Usage

Limitations

  • Sessions
    Maximum 256 concurrent sessions with the library
  • Objects
    The number of objects per token is limited by the integer counter of the database.
  • Key generation
    RSA 512-4096 bit
  • Sign and verify
    CKM_RSA_PKCS
    CKM_MD5_RSA_PKCS
    CKM_RIPEMD160_RSA_PKCS
    CKM_SHA1_RSA_PKCS
    CKM_SHA256_RSA_PKCS
    CKM_SHA384_RSA_PKCS
    CKM_SHA512_RSA_PKCS
  • Digest
    CKM_MD5
    CKM_RIPEMD160
    CKM_SHA_1
    CKM_SHA256
    CKM_SHA384
    CKM_SHA512

Project SoftHSM

Project SoftHSM v2

Work has started on a new version of SoftHSM, SoftHSM v2: