pkcs11-helper
Table of Contents
PKCS#11 is a published standard. PKCS#11 is the de-facto standard to access cryptographic devices.
pkcs11-helper is a library that simplifies the interaction with PKCS#11 providers for end-user applications using a simple API and optional OpenSSL engine.
Download
Gentoo
Debian
Contributed by S. Wefel. libpkcs11-helper1
License
Features
pkcs11-helper allows using multiple PKCS#11 providers at the same time, enumerating available token certificates, or selecting a certificate directly by serialized id, handling card removal and card insert events, handling card re-insert to a different slot, supporting session expiration and much more all using a simple API.
pkcs11-helper is not designed to manage card content, since object attributes are usually vendor specific, and 99% of application need to access existing objects in order to perform signature and decryption.
Compatibility
- The pkcs11-helper library is available in POSIX and WIN32 compliant systems.
- The pkcs11-helper library should work with almost any PKCS#11 provider, since it uses the minimum required features of the PKCS#11 standard, a list of WorkingProviders? is available.
API Documentation
Here.
Projects
- OpenVPN
- OpenSSH PKCS#11 patch
- GnuPG PKCS#11 smartcard daemon
- Qt Cryptographic Architecture PKCS#11 plugin
- Linux Disk Encryption Integration
- GnuTLS PKCS#11
- PKCS#11 Key Module for eCryptfs
Authors
Alon Bar-Lev <alon.barlev@…>