SoftHSM

- What is SoftHSM?

The PKCS #11 API is meant for Hardware Security Modules (HSMs). These are hardware devices that can be an appliance, a PCI/PCIe card, a USB device, a USB token, or a smart card. Normally you have to buy one of these devices to use the PKCS #11 API. SoftHSM2 is a free, easy-to-use alternative: a software-based implementation of a hardware security module. It supports the PKCS #11 API and can be used to test PKCS #11-based applications.
https://www.opendnssec.org/softhsm/


- Installing SoftHSM2 on Windows

Download the SoftHSM installer from the link below, then follow the steps in the installation wizard.
https://github.com/disig/SoftHSM2-for-Windows/releases

SoftHSM provides the functionality of a hardware security module but does not include utilities for cryptographic operations. For this tutorial, we will be using OpenSC utilities available at the link below.
https://github.com/OpenSC/OpenSC


- Installing SoftHSM2 on Linux

SoftHSM2 can be installed with a package manager such as YUM (RHEL), APT (Debian), or Pacman (Arch). Search for SoftHSM2 and install the listed package. If you can't use any of these package managers, the alternative is to install SoftHSM2 from source.


Installing SoftHSM2 from source.

You may need to install GCC, openssl-devel, and OpenSC before building SoftHSM2.
Download the source using the link below.
wget https://dist.opendnssec.org/source/softhsm-2.6.1.tar.gz

Extract the downloaded tarball.
tar xf softhsm-2.6.1.tar.gz

Change to the extracted directory and run the configure script to generate the makefile.
cd softhsm-2.6.1
./configure --prefix=/opt/softhsm2

Build the SoftHSM source.
make

Install the softhsm binaries.
make install

- SoftHSM Commands

# Display the SoftHSM version
softhsm2-util -v
2.6.1


# List available slots
softhsm2-util --show-slots
Available slots:
  Slot 0
    Slot info:
        Description:      SoftHSM slot ID 0x0
        Manufacturer ID:  SoftHSM project
        Hardware version: 2.6
        Firmware version: 2.6
        Token present:    yes
    Token info:
        Manufacturer ID:  SoftHSM project
        Model:            SoftHSM v2
        Hardware version: 2.6
        Firmware version: 2.6
        Serial number:
        Initialized:      no
        User PIN init.:   no
        Label:

# Initialize the token in slot 0 (after initialization the token is reassigned to a new slot ID)
softhsm2-util --init-token --slot 0 --label Token1
=== SO PIN (4-255 characters) ===
Please enter SO PIN: **********
Please reenter SO PIN: **********
=== User PIN (4-255 characters) ===
Please enter user PIN: **********
Please reenter user PIN: **********
The token has been initialized and is reassigned to slot 525803377


- OpenSC pkcs11-tool command

# Display information about the SoftHSM2 library (--module must point to libsofthsm2.so under your own install prefix)
pkcs11-tool --show-info --module /usr/local/softhsm2/lib/softhsm/libsofthsm2.so
Cryptoki version 2.40
Manufacturer     SoftHSM
Library          Implementation of PKCS11 (ver 2.6)
Using slot 0 with a present token (0x3f93e815)

# Get the list of all slots
pkcs11-tool --list-slots --module /usr/local/softhsm2/lib/softhsm/libsofthsm2.so
Available slots:
Slot 0 (0x3f93e815): SoftHSM slot ID 0x3f93e815
  token label        : Token1
  token manufacturer : SoftHSM project
  token model        : SoftHSM v2
  token flags        : login required, rng, token initialized, PIN initialized, other flags=0x20
  hardware version   : 2.6
  firmware version   : 2.6
  serial num         : 5d061722bf93e815
  pin min/max        : 4/255
Slot 1 (0x1): SoftHSM slot ID 0x1
  token state:   uninitialized
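
Because initialization reassigns the token to a new slot ID (525803377 in the softhsm2-util output above), scripts should look a token up by its label rather than by a fixed slot number. The following is an added example, not part of the original tutorial or of SoftHSM/OpenSC: the function name slot_for_label, its exit codes, and the shortened sample listing are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): resolve a token label to its
# current slot ID instead of hard-coding a slot number in scripts.

# Constructed sample input, modelled on the --list-slots output shown above.
sample_listing() {
cat <<'EOF'
Available slots:
Slot 0 (0x3f93e815): SoftHSM slot ID 0x3f93e815
  token label        : Token1
  token manufacturer : SoftHSM project
  token flags        : login required, rng, token initialized, PIN initialized, other flags=0x20
  pin min/max        : 4/255
Slot 1 (0x1): SoftHSM slot ID 0x1
  token state:   uninitialized
EOF
}

# slot_for_label LABEL   (reads a --list-slots listing on stdin)
# Prints the hex slot ID of the one token labelled LABEL.
# Exit codes: 1 = no token with that label, 2 = label matches several tokens,
#             3 = token found but not initialized or user PIN not set.
slot_for_label() {
  awk -v want="$1" '
    /^Slot [0-9]+ \(0x[0-9a-fA-F]+\)/ {
      id = $3; gsub(/[():]/, "", id)     # "(0x3f93e815):" -> "0x3f93e815"
      in_match = 0; next
    }
    /^  token label/ {
      label = $0; sub(/^[^:]*: */, "", label); sub(/ +$/, "", label)
      in_match = (label == want)
      if (in_match) { n++; hit = id }
      next
    }
    in_match && /^  token flags/ {
      if ($0 ~ /token initialized/ && $0 ~ /PIN initialized/) ready = 1
    }
    END {
      if (n == 0) exit 1
      if (n > 1)  exit 2
      if (!ready) exit 3
      print hit
    }'
}

# Demo on the constructed sample; with a real token, pipe in
#   pkcs11-tool --list-slots --module <path to libsofthsm2.so>
sample_listing | slot_for_label Token1    # prints 0x3f93e815
```

The printed ID can then be passed to pkcs11-tool's --slot option, and a non-zero exit code stops a script before it operates on the wrong token.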