Lib.rs

Cryptography | Hardware support
#pkcs11 #hsm #cryptoki

pkcs11-uri

PKCS #11 URI parser

by Nicolas Stalder

4 releases

0.1.3 Mar 23, 2022
0.1.2 Jan 24, 2021
0.1.1 Jan 10, 2021
0.1.0 Jan 10, 2021

#5 in #cryptoki

Download history 30/week @ 2026-01-06 54/week @ 2026-01-13 53/week @ 2026-01-20 48/week @ 2026-01-27 43/week @ 2026-02-03 33/week @ 2026-02-10 38/week @ 2026-02-17 249/week @ 2026-02-24 167/week @ 2026-03-03 152/week @ 2026-03-10 25/week @ 2026-03-17 20/week @ 2026-03-24 168/week @ 2026-03-31 249/week @ 2026-04-07 230/week @ 2026-04-14 198/week @ 2026-04-21

853 downloads per month
Used in 2 crates (via lpc55)

Apache-2.0 OR MIT

20KB
360 lines

PKCS#11 URI

Bare bones implementation of the RFC 7512 URI scheme for locating keys and other PKCS#11 objects.

This library is patched together from existing libraries, namely pkcs11, uriparse and percent-encoding, and is a work in progress.

API docs: https://nickray.github.io/pkcs11-uri/pkcs11_uri/

Getting started

One way to generate URIs to feed into this library is the p11tool in GnuTLS. Running p11tool --list-tokens returns the URIs for all available tokens. Running p11tool --list-all <token URI> then lists all the objects in that token. For private keys, use GNUTLS_PIN=<pin> p11tool --login --list-all <token URI>.

One way to create keypairs to use is with softhsm-util and pkcs11-tool:

softhsm2-util --init-token --free --label my-ca --pin 1234 --so-pin 1234
pkcs11-tool --module /usr/lib/libsofthsm2.so --token my-ca --login --pin 1234 --keypairgen --label my-signing-key --key-type RSA:2048

Dependencies

~1.3–1.9MB
~32K SLoC