pkcs11-tools

A set of tools to manage objects on PKCS#11 cryptographic tokens. Compatible with many PKCS#11 library, including major HSM brands, NSS and softoken.

OTHER License

Downloads
52
Stars
158
Committers
4
View Code on GitHub
Ecosystems: Linux, macOS, Windows, C

Bot releases are visible (Hide)

pkcs11-tools - v2.6.0 Latest Release

Published by keldonin over 1 year ago

added

  • support for AWS Cloud HSM. Check documentation for limitations.

fixed

  • with recent versions of GCC, compilation issue with lexx and yacc produced source code (PR #38)
  • when automake<1.14 is used, use an older, compatible commit for gnulib

updated

  • gnulib in now built from a stable branch, stable-202307
pkcs11-tools - v2.5.1

Published by keldonin over 1 year ago

added

  • adding -S option flag for p11keygen, for enabling key generation when logged in as Security Officer (PR #33)

fixed

  • fixed a few memory management issues, preventing to import EC public keys when using p11keygen, p11unwrap and p11importpubk.
pkcs11-tools - v2.5.0

Published by keldonin about 3 years ago

Added

  • CKA_ALLOWED_MECHANISMS support for all key management utilities (p11keygen, p11wrap, p11unwrap, p11rewrap, p11ls, p11od)

Fixed

  • p11wrap: fixed memory leaks
pkcs11-tools - v2.4.2

Published by keldonin about 3 years ago

Fixed

  • p11ls: removed duplicate CKA_CHECK_VALUE attribute from C_GetAttributeValue() call on secret keys (may cause issues on some PKCS#11 tokens)
pkcs11-tools - v2.4.1

Published by keldonin about 3 years ago

Fixed

  • template content is no more wrapped/displayed if length is not a multiple of CK_ATTRIBUTE structure, to ignore templates incorrectly reported by some tokens
pkcs11-tools - v2.4.0

Published by keldonin about 3 years ago

  • support for template attributes on most commands
pkcs11-tools - v2.3.1

Published by keldonin over 3 years ago

  • some of the mgf argument values for p11wrap, p11rewrap and p11keygen were incorrect. The documentation has also been adjusted (issue #30)
  • p11more, p11req, p11mkcert and p11cat could not deal with Edwards curve if the curve parameter was specified as a named curve (issue #32)
pkcs11-tools - v2.3.0

Published by keldonin over 3 years ago

  • added p11kcv the ability to specify a buffer length, when performing HMAC key check values (default is 0).
pkcs11-tools - v2.2.0

Published by keldonin over 3 years ago

This minor release adds the following features:

  • p11kcv will compute a Key Check Value on CK_GENERIC_SECRET keys as well. These are mapped to HMAC-SHA256.
  • p11slotinfo now prints library information
  • support for FreeBSD ports and packaging
  • for Edwards curve based keys, allow providing curve name instead of OID when generating a key
pkcs11-tools - v2.1.3

Published by keldonin over 3 years ago

Fixes

  • ensure that OpenSSL 1.1.1e or above is used, detected during configure now, issue #27
  • ensure that threading library is referenced, to allow building with static OpenSSL library without having to specify additional library with LIBS
pkcs11-tools - v2.1.2

Published by keldonin over 3 years ago

  • Fixed a memory corruption issue that caused p11rewrap to crash, when working on elliptic curve key pairs
pkcs11-tools - v2.1.1

Published by keldonin over 3 years ago

Bug bix: wrapping DES keys with PKCS#1 v1.5 algorithm bug corrected

pkcs11-tools - v2.1.0

Published by keldonin almost 4 years ago

  • support for Edwards curve based keys ( ED448 and ED25519 ), for all commands (closing issue #11).
pkcs11-tools - v2.0.2

Published by keldonin almost 4 years ago

  • include file lib/pkcs11_ossl.h to the source distribution (Issue #24)
  • typo in documentation (Issue #24)
  • compilation on older RedHat derivatives that use openssl11-dev instead of openssl-dev
pkcs11-tools - v2.0.1

Published by keldonin almost 4 years ago

This patch release fixes a number of issues preventing to cross-compile the toolkit for Windows. The documentation related to cross-compiling has also been updated.

pkcs11-tools - v2.0.0

Published by keldonin almost 4 years ago

The toolkit has reached v2.0. It features several major changes:

  • it supports (and requires) OpenSSL v1.1.1+
  • signing commands (p11mkcert, p11req and masqreq) implement OpenSSL algorithm methods. This will enable supporting more algorithms in the future.
  • major overhaul of the wrapping/unwrapping system: it is now possible to perform double wrapping (aka enveloppe wrapping) with a single command, in a secure fashion
  • p11keygen can now generate a session key and wrap it under one or several wrapping keys
  • a new command, p11rewrap, allows to unwrap a key and immediately rewrap in under one or several wrapping keys, in a secure fashion.
  • helper scripts greatly enhanced, to support also pkcs11-spy.so shim when executing a command.
  • support for more HSMs and cryptographic tokens included
pkcs11-tools - v1.2.0

Published by keldonin over 4 years ago

Enhanced

  • implemented CKA_AES_KEY_WRAP (rfc3394) and CKA_AES_KEY_WRAP_PAD (rfc5649)
  • added support for Gemalto Safenet Luna HSM
  • added flavour=nss parameter to rfc5649 algorithm, to identify non compliant RFC5649 implementation of NSS

Fixed

  • fixed compilation warning on linux/debian 10 with gcc
  • fixed issue that prevented cross-compilation to work, for mingw32
pkcs11-tools -

Published by keldonin almost 5 years ago

  • the build process can leverage pkg-config, when available
  • the Git repository does not store generated source files anymore. It requires to execute bootstrap.sh before configure
  • gnulibis now a submodule of the project
  • PKCS11 version upgraded to v2.40, with the backport of EdDSA defines from v3.0
  • enhanced installation documentation
pkcs11-tools -

Published by keldonin about 5 years ago

  • Fix for token labels having maximum length (i.e. 32 characters) (Issue #7)
pkcs11-tools -

Published by keldonin almost 6 years ago

Fix for Issue #1: cross-compilation fails when trying to detect optional header files.
Fixed in Pull Request #2

Package Rankings
Top 33.9% on Formulae.brew.sh