Skip to content
Rust PKCS#11 Library
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
pkcs11-docs updating PKCS11 docs section Nov 8, 2017
src mut-ify PKCS#11 API to be consistent with C Oct 1, 2019

Rust PKCS#11 Library

This is a library which brings support for PKCS#11 to Rust. It is aiming at having both a very low-level API to map the PKCS#11 functionality to Rust as well as having a higher-level API for more easy usage as well as bringing more safety for programming against PKCS#11.


Testing is currently done with SoftHSM2. A trillion thanks to the people at OpenDNSSEC for writing SoftHSM. This makes it possible to develop applications that need to support PKCS#11. I would have no idea what to do without it. (Suggestions are always welcome.)


Here is a list of the implementation status and plans on what to do next:

  • Dynamic loading of PKCS#11 module (thanks to libloading)
  • Initializing and Dropping PKCS#11 context
  • Implementing Token and PIN Management functions
  • Implementing Session Management functions
  • Implementing Object Management functions
  • Implementing Key Management functions
  • Implementing Encryption/Decryption functions (TODO: tests still missing)
  • Implementing Message Digest functions (TODO: tests still missing)
  • Implementing Signing and MACing (TODO: tests still missing)
  • Implementing Verifying of signatures and MACs (TODO: tests still missing)
  • Implementing Dual-function cryptographic operations (TODO: tests still missing)
  • Implementing Legacy PKCS#11 functions
  • Reorganize code of low-level API (too bloated, which we all know is what PKCS#11 is like)
  • Import the rest of the C header pkcs11t.h types into rust
  • Import the rest of the C header pkcs11f.h functions into rust
  • C type constants to string converter functions, and the reverse (maybe part of the high-level API?)
  • Design and implement high-level API
  • Publish on (wow, that was easy)
  • Write and Generate Documentation for Rust docs
  • Better Testing (lots of repetitive code + we need a testing framework and different SoftHSM versions for different platforms)
You can’t perform that action at this time.