Skip to content
/ Qrypt-PKCS-11 Public

A wrapper of PKCS#11's Cryptoki interface with Qrypt-sourced entropy.

License

MIT license
0 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

QryptInc/Qrypt-PKCS-11

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

57 Commits
inc
inc
 
 
integration-tests
integration-tests
 
 
src
src
 
 
third-party-licenses
third-party-licenses
 
 
.gitignore
.gitignore
 
 
CMakeLists.txt
CMakeLists.txt
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Qrypt-PKCS-11

Introduction

This repository contains the source code for qryptoki, a wrapper of the PKCS#11 interface that returns quantum-sourced entropy to C_GenerateRandom calls.

Requirements

  • Supported OSes
    • Ubuntu (tested on 20.04)
    • Fedora (tested on 28)
  • Dependencies
    • CMake (>= 3.19)
    • libcurl
    • OpenSSL
    • RapidJSON
    • GTest + GMock
  • A "base HSM" that will be used to satisfy PKCS#11 functions not handled by Qryptoki
  • An active Qrypt entropy token

See the Requirements Setup page on the GitHub wiki for help setting these up.

Getting Started

Environment variables

  • Required
    • QRYPT_BASE_HSM_PATH: The absolute path to the base HSM. (For example, if you followed the default SoftHSM install, set the variable to "/usr/local/lib/softhsm/libsofthsm2.so".)
    • QRYPT_EAAS_TOKEN: The Qrypt entropy token to be used by the library.
  • Optional
    • QRYPT_LOG_LEVEL: The library's log level, as an integer. Follows the syslog convention: error = 3, warning = 4, info = 6 (default), debug = 7.
    • QRYPT_CA_CERT_PATH: A path to a custom CA certificate file. If unset, the OS-default CA certificate file will be used.

Build + Test

mkdir build && cd build   # Start in the project root directory
cmake ..
make

Now, we run the unit tests. (Don't worry! They only use your token for about 20KB of Qrypt entropy.)

src/gtests/qryptoki_gtests

If the unit tests pass, go ahead and install:

make install   # Installs to (top-level) package/ folder

You can now try the integration tests (which also consume 20KB of entropy):

cd ../integration-tests
mkdir build && cd build
cmake ..
make
./run_tests

If all tests pass, then you're good to go! The library to link to is package/lib/libqryptoki.so, and public header files are in package/inc.

You can track entropy usage on the portal.

mini-softhsm2-util

Most applications that consume a PKCS#11 library will require you to have a token already set up. The main way to do this is programmatically with C_InitToken, but we include a command-line tool to do it for you!

make mini-softhsm2-util   # Start in top-level build/
make install
cd ..                     # Go back to root project folder
./package/bin/mini-softhsm2-util --module "./package/lib/libqryptoki.so" --init-token --free --label "New token!"

You can also display slot information with --show-slots.

Documentation, support, and feedback

Check out the repo's wiki pages here on GitHub!

Contributing

Still working on getting a contributing infrastructure set up, but we're so happy you're interested! Go ahead and publish any issues or PRs here, but understand we may be slow in responding.

Licensing

This project is under the MIT License. See the LICENSE file for more details.

Dependencies' licenses can be found in the third-party-licenses folder.

About

A wrapper of PKCS#11's Cryptoki interface with Qrypt-sourced entropy.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages