= [wiki:WikiStart OpenDNSSEC] > SoftHSM =

SoftHSM is an implementation of a cryptographic store accessible through a [wiki:PKCS11 PKCS #11] interface. You can use it to explore [wiki:PKCS11 PKCS #11] without having a Hardware Security Module. It is being developed as a part of the OpenDNSSEC project. SoftHSM uses Botan for its cryptographic operations.

== Background ==

OpenDNSSEC handles and stores its cryptographic keys via the [wiki:PKCS11 PKCS #11] interface. This interface specifies how to communicate with cryptographic devices such as [wiki:HSM HSMs] (Hardware Security Modules) and smart cards. The purpose of these devices is, among other things, to generate cryptographic keys and sign information without revealing private-key material to the outside world. They are often designed to perform well on these specific tasks compared to ordinary processes in a normal computer.

A potential problem with the use of the [wiki:PKCS11 PKCS #11] interface is that it might limit the widespread use of OpenDNSSEC, since a potential user might not be willing to invest in a new hardware device. To counter this effect, OpenDNSSEC provides a software implementation of a generic cryptographic device with a [wiki:PKCS11 PKCS #11] interface, the SoftHSM. SoftHSM is designed to meet the requirements of OpenDNSSEC, but can also work together with other cryptographic products because of the [wiki:PKCS11 PKCS #11] interface.

== Download ==

Release:
 * [http://www.opendnssec.org/files/source/softhsm-1.1.3.tar.gz softhsm-1.1.3.tar.gz] (2010-01-25)

SVN repository (Read the README.svn):
{{{
svn co http://svn.opendnssec.se/trunk/softHSM/
}}}

== Bug report ==

 * Please mail to: rickard.bellgrim (a) iis.se[[BR]]Describe the error and in what context it happened.

== Usage ==

 * [wiki:SoftHSM/ProsCons Pros and Cons]
 * [wiki:SoftHSM/Install README]
 * [wiki:SoftHSM/HowItWorks How it works]
 * [wiki:SoftHSM/Performance Performance]

== Limitations ==

 * '''Sessions'''[[BR]]Maximum 256 concurrent sessions with the library
 * '''Objects'''[[BR]]The number of objects per token is limited by the integer counter of the database.
 * '''Key generation'''[[BR]]RSA 512-4096 bit
 * '''Sign and verify'''[[BR]]CKM_RSA_PKCS[[BR]]CKM_MD5_RSA_PKCS[[BR]]CKM_RIPEMD160_RSA_PKCS[[BR]]CKM_SHA1_RSA_PKCS[[BR]]CKM_SHA256_RSA_PKCS[[BR]]CKM_SHA384_RSA_PKCS[[BR]]CKM_SHA512_RSA_PKCS
 * '''Digest'''[[BR]]CKM_MD5[[BR]]CKM_RIPEMD160[[BR]]CKM_SHA_1[[BR]]CKM_SHA256[[BR]]CKM_SHA384[[BR]]CKM_SHA512

== Project SoftHSM ==

 * [wiki:SoftHSM/OriginalReq Requirements for SoftHSM v1]
 * [wiki:SoftHSM/Deliverables Deliverables]

== Project SoftHSM v2 ==

Work has started on a new version of SoftHSM, SoftHSM v2:
 * [wiki:SoftHSM/Requirements Requirements for SoftHSM v2]
 * [wiki:SoftHSM/Design Design of SoftHSM v2]