Lib.rs

Cryptography | Hardware support
#pkcs11 #cryptoki #signatures #hsm

pkcs11-uri

PKCS #11 URI parser

by Nicolas Stalder

4 releases

0.1.3 Mar 23, 2022
0.1.2 Jan 24, 2021
0.1.1 Jan 10, 2021
0.1.0 Jan 10, 2021

#1701 in Cryptography

Download history 67/week @ 2023-10-17 73/week @ 2023-10-24 74/week @ 2023-10-31 69/week @ 2023-11-07 58/week @ 2023-11-14 71/week @ 2023-11-21 183/week @ 2023-11-28 79/week @ 2023-12-05 64/week @ 2023-12-12 125/week @ 2023-12-19 86/week @ 2023-12-26 45/week @ 2024-01-02 58/week @ 2024-01-09 56/week @ 2024-01-16 58/week @ 2024-01-23 73/week @ 2024-01-30

250 downloads per month
Used in 2 crates (via lpc55)

Apache-2.0 OR MIT

20KB
360 lines

API docs: https://nickray.github.io/pkcs11-uri/pkcs11_uri/

Getting started

One way to generate URIs to feed into this library is the p11tool in GnuTLS. Running p11tool --list-tokens returns the URIs for all available tokens. Running p11tool --list-all <token URI> then lists all the objects in that token. For private keys, use GNUTLS_PIN=<pin> p11tool --login --list-all <token URI>.

One way to create keypairs to use is with softhsm-util and pkcs11-tool:

softhsm2-util --init-token --free --label my-ca --pin 1234 --so-pin 1234
pkcs11-tool --module /usr/lib/libsofthsm2.so --token my-ca --login --pin 1234 --keypairgen --label my-signing-key --key-type RSA:2048

lib.rs:

PKCS#11 URI

Bare bones implementation of the RFC 7512 URI scheme for locating keys and other PKCS#11 objects.

This library is patched together from existing libraries, namely pkcs11, uriparse and percent-encoding, and is a work in progress.

Dependencies

~1.4–1.8MB
~31K SLoC