A daemon to handle Secure Boxes (cryptographic keys, X509 certificates and data objects), accessible through a PKCS#11 library, supporting non-certified (lite) Hardware or Software Security Modules.
Version 1.1.1 (Release Candidate 1)
LSM-PKCS11 is a package intended to support the implementation of Lite Security Modules, i.e. a kind of not certified Software or Hardware Security Modules (HSM, SSM). The targets of such implementations are PKIs (Public Keys Infrastructures) for intra-company and network applications, requiring a non-trivial security level but not so 'budgeted' to allow the acquisition of true (certified) HSMs, whose cost starts from as little as some thousands dollars.
The basic component of LSM-PKCS11 is a multi-threaded daemon that can be hosted on a little dedicated system, running Linux (or if you like it, Windows NT/2000XP as well), to support a set of cryptographic operations released by OpenSSL library on some well-protected files (Security Boxes) hosting cryptographic items like public and private keys, secret keys, data objects, certificates and so on.
The daemon services can be accessed via a TCP/IP connection with the support of a shared library (DLL in Windows environment) conforming to the PKCS#11 standard developed by RSA Laboratories, also known as Criptoki. PKCS#11 is part of the Public-Key Cryptography Standards (PKCS).
Developing LSM-PKCS#11 I tried to adhere as much as possible to the PKCS#11 standard specifications, so to allow a full integration with applications using PKCS#11 interface to access security tokens for digital signature, verification, and other cryptographic facilities.
The first version of the package supports only the minimum of cryptographic mechanisms:
But after full initial testing, the package will be easily extended to support more and more cryptographic mechanisms.
The initial deployment and following testing didnít cost too much (just a month of evenings and holidays, thanks to the patience of my wife Laura, and some boring winter week-ends). At last I came to the first release candidate version. Obviously any help is welcome, in the aim to consolidate the package. Remaining activities are: