Lib.rs

Cryptography
#hsm #pkcs11 #key-management #cosmian #pkcs #operation #metadata #hardware #module #traits

cosmian_kms_base_hsm

Base PKCS#11 HSM integration implementation

by Emmanuel Coste, Bruno Grieder and 11 contributors

2 stable releases

Uses new Rust 2024

5.3.0 Jun 3, 2025
5.0.0 May 9, 2025

#1883 in Cryptography

Download history 413/week @ 2025-05-07 313/week @ 2025-05-14 215/week @ 2025-05-21 110/week @ 2025-05-28 151/week @ 2025-06-04 168/week @ 2025-06-11 9/week @ 2025-06-18 9/week @ 2025-06-25

447 downloads per month
Used in 6 crates (2 directly)

BUSL-1.1

140KB
3K SLoC

Base HSM Implementation

This crate contains the implementation of a PKCS#11 client for a Hardware Security Modules (HSMs).

It provides a set of traits that define the operations that an HSM must support, as well as a set of data structures that represent the keys and metadata that an HSM can manage.

Implemented Operations

  • Key Generation: Create symmetric (AES) and asymmetric (RSA) keys
  • Key Pair Generation: Create public/private key pairs
  • Key Export: Export HSM objects
  • Key Deletion: Remove keys from the HSM
  • Key Search: Find keys based on object type filters
  • Encryption/Decryption: Perform cryptographic operations
  • Key Information: Retrieve key types and metadata

Supported Algorithms

  • AES: 128-bit and 256-bit keys
  • RSA: 1024-bit, 2048-bit, 3072-bit, and 4096-bit keys

Dependencies

~12–23MB
~252K SLoC