### Build and Install OpenSSL 1.0.2d (32-bit)

Source: https://github.com/softhsm/softhsmv2/blob/main/WIN32-NOTES.md

Builds the 32-bit static library for OpenSSL 1.0.2d using Visual Studio and installs it to a specified directory. It configures the build with NASM assembler and enables static engines.

```batch
cd C:\build\src\openssl-1.0.2d-x86
set PATH=%PATH%;C:\nasm
"C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat"
perl Configure VC-WIN32 --prefix=C:\build\bin\openssl-1.0.2d-x86 enable-static-engine
ms\do_nasm
nmake /f ms\nt.mak
nmake /f ms\nt.mak test
nmake /f ms\nt.mak install
```

--------------------------------

### Build and Install OpenSSL 1.0.2d (64-bit)

Source: https://github.com/softhsm/softhsmv2/blob/main/WIN32-NOTES.md

Builds the 64-bit static library for OpenSSL 1.0.2d using Visual Studio and installs it to a specified directory. It configures the build for the 64-bit target with NASM assembler and enables static engines.

```batch
cd C:\build\src\openssl-1.0.2d-x64
set PATH=%PATH%;C:\nasm
"C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" amd64
perl Configure VC-WIN64A --prefix=C:\build\bin\openssl-1.0.2d-x64 enable-static-engine
ms\do_win64a
nmake /f ms\nt.mak
nmake /f ms\nt.mak test
nmake /f ms\nt.mak install
```

--------------------------------

### Build and Install OpenSSL 1.1.0a (64-bit)

Source: https://github.com/softhsm/softhsmv2/blob/main/WIN32-NOTES.md

Builds the 64-bit static library for OpenSSL 1.1.0a using Visual Studio and installs it to a specified directory. It configures the build for 64-bit targets and disables shared library creation.
```batch
cd C:\build\src\openssl-1.1.0a-x64
set PATH=%PATH%;C:\nasm
"C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" amd64
perl Configure VC-WIN64A --prefix=C:\build\bin\openssl-1.1.0a-x64 --openssldir=C:\build\bin\openssl-1.1.0a-x64\ssl no-shared
nmake
nmake test
nmake install
```

--------------------------------

### Build and Install OpenSSL 1.1.0a (32-bit)

Source: https://github.com/softhsm/softhsmv2/blob/main/WIN32-NOTES.md

Builds the 32-bit static library for OpenSSL 1.1.0a using Visual Studio and installs it to a specified directory. It configures the build for 32-bit targets and disables shared library creation.

```batch
cd C:\build\src\openssl-1.1.0a-x86
set PATH=%PATH%;C:\nasm
"C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat"
perl Configure VC-WIN32 --prefix=C:\build\bin\openssl-1.1.0a-x86 --openssldir=C:\build\bin\openssl-1.1.0a-x86\ssl no-shared
nmake
nmake test
nmake install
```

--------------------------------

### SoftHSMv2 Configuration File Format

Source: https://github.com/softhsm/softhsmv2/blob/main/OSX-NOTES.md

Example configuration file content for setting up the token directory and database backend.

```text
directories.tokendir = ./tokens
objectstore.backend = db
log.level = INFO
slots.removable = false
```

--------------------------------

### Configure and Build SoftHSMv2 on Windows

Source: https://github.com/softhsm/softhsmv2/blob/main/WIN32-NOTES.md

Commands to initialize the build environment, configure the crypto backend, and prepare the installation directory for SoftHSMv2. These commands are separated by architecture (32-bit and 64-bit).
```batch
cd C:\build\src\SoftHSMv2\win32\
"C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat"
python Configure.py disable-debug disable-gost with-crypto-backend=openssl with-openssl=C:\build\bin\openssl-1.1.0a-x86\ with-cppunit=C:\build\bin\cppunit-1.13.2-x86\
```

```batch
cd C:\build\src\SoftHSMv2\win32\
"C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" amd64
python Configure.py enable-64bit disable-debug disable-gost with-crypto-backend=openssl with-openssl=C:\build\bin\openssl-1.1.0a-x64\ with-cppunit=C:\build\bin\cppunit-1.13.2-x64\
```

--------------------------------

### Install Homebrew and Dependencies

Source: https://github.com/softhsm/softhsmv2/blob/main/OSX-NOTES.md

Installs the Homebrew package manager and the necessary build dependencies for SoftHSMv2.

```bash
ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
brew install automake pkg-config openssl sqlite cppunit libtool
```

--------------------------------

### Install SoftHSMv2 Library

Source: https://github.com/softhsm/softhsmv2/blob/main/CMAKE-NOTES.md

Installs the compiled SoftHSMv2 library using the make install command, typically requiring superuser privileges.

```bash
cd ..
sudo make -C build install
```

--------------------------------

### Configure softhsm2-migrate Build with CMake

Source: https://github.com/softhsm/softhsmv2/blob/main/src/bin/migrate/CMakeLists.txt

Defines the build process for the migration utility, including source file aggregation, include directory setup, and platform-specific adjustments for MSVC compilers. It also handles linking against SQLite3 and installing the resulting binary and documentation.
```cmake
project(softhsm2-migrate)

if(BUILD_MIGRATE)
    set(INCLUDE_DIRS ${PROJECT_SOURCE_DIR}/../../lib/pkcs11
                     ${PROJECT_SOURCE_DIR}/../common
                     ${SQLITE3_INCLUDES}
                     )

    set(SOURCES softhsm2-migrate.cpp
                ${PROJECT_SOURCE_DIR}/../common/findslot.cpp
                ${PROJECT_SOURCE_DIR}/../common/getpw.cpp
                ${PROJECT_SOURCE_DIR}/../common/library.cpp
                )

    if(CMAKE_CXX_COMPILER_ID STREQUAL "MSVC")
        list(APPEND INCLUDE_DIRS ${PROJECT_SOURCE_DIR}/../../lib/win32
                                 ${CMAKE_CURRENT_SOURCE_DIR}/../win32)
        list(APPEND SOURCES ${CMAKE_CURRENT_SOURCE_DIR}/../win32/getopt.cpp)
    endif()

    include_directories(${INCLUDE_DIRS})
    add_executable(${PROJECT_NAME} ${SOURCES})
    target_link_libraries(${PROJECT_NAME} ${SQLITE3_LIBS} ${YIELD_LIB} ${CMAKE_DL_LIBS})
    target_compile_options(${PROJECT_NAME} PRIVATE ${COMPILE_OPTIONS})

    install(TARGETS ${PROJECT_NAME}
            DESTINATION ${CMAKE_INSTALL_BINDIR}
            )
    install(FILES ${PROJECT_NAME}.1
            DESTINATION ${CMAKE_INSTALL_MANDIR}/man1
            )
endif(BUILD_MIGRATE)
```

--------------------------------

### CMake Project Setup for softhsm_sessionmgr

Source: https://github.com/softhsm/softhsmv2/blob/main/src/lib/session_mgr/CMakeLists.txt

This snippet shows the basic CMake project setup for the softhsm_sessionmgr library. It defines include directories, source files, and compiles the library. It also conditionally adds a test subdirectory if tests are enabled.
```cmake
project(softhsm_sessionmgr)

set(INCLUDE_DIRS ${PROJECT_SOURCE_DIR}
                 ${PROJECT_SOURCE_DIR}/../common
                 ${PROJECT_SOURCE_DIR}/../crypto
                 ${PROJECT_SOURCE_DIR}/../data_mgr
                 ${PROJECT_SOURCE_DIR}/../object_store
                 ${PROJECT_SOURCE_DIR}/../pkcs11
                 ${PROJECT_SOURCE_DIR}/../slot_mgr
                 )

set(SOURCES SessionManager.cpp
            Session.cpp
            )

if(CMAKE_CXX_COMPILER_ID STREQUAL "MSVC")
    list(APPEND INCLUDE_DIRS ${PROJECT_SOURCE_DIR}/../win32)
endif()

include_directories(${INCLUDE_DIRS})
add_library(${PROJECT_NAME} OBJECT ${SOURCES})
target_compile_options(${PROJECT_NAME} PRIVATE ${COMPILE_OPTIONS})

if(BUILD_TESTS)
    add_subdirectory(test)
endif(BUILD_TESTS)
```

--------------------------------

### Deploy SoftHSMv2 Binaries

Source: https://github.com/softhsm/softhsmv2/blob/main/WIN32-NOTES.md

Commands to create the installation directory structure and copy the compiled binaries and configuration files to the target location.

```batch
mkdir C:\build\bin\SoftHSMv2-x86
mkdir C:\build\bin\SoftHSMv2-x86\tokens
copy C:\build\src\SoftHSMv2\win32\Release\softhsm2.dll C:\build\bin\SoftHSMv2-x86\
copy C:\build\src\SoftHSMv2\src\lib\common\softhsm2.conf.in C:\build\bin\SoftHSMv2-x86\softhsm2.conf
```

--------------------------------

### Build and Test SoftHSMv2

Source: https://github.com/softhsm/softhsmv2/blob/main/OSX-NOTES.md

Compiles the source code using make and executes the test suite to verify the installation.

```bash
make
make check
```

--------------------------------

### Install SoftHSMv2 Libraries

Source: https://github.com/softhsm/softhsmv2/blob/main/src/lib/CMakeLists.txt

This CMake code handles the installation of the SoftHSMv2 shared and static libraries. It specifies the destination directory for the libraries within the installation path.
```cmake
install(TARGETS ${PROJECT_NAME}
        DESTINATION ${CMAKE_INSTALL_LIBDIR}/softhsm
        )

if(ENABLE_STATIC)
    install(TARGETS ${PROJECT_NAME}-static
            DESTINATION ${CMAKE_INSTALL_LIBDIR}/softhsm
            )
endif()
```

--------------------------------

### Extract and Build Botan 64-bit

Source: https://github.com/softhsm/softhsmv2/blob/main/WIN32-NOTES.md

Extracts the Botan archive, builds it using MSVC for x64 architecture, and installs it into the specified directory. Requires running configure script as admin.

```batch
cd C:\build\src\
rename Botan-1.10.10.tgz Botan-1.10.10.tar.gz
"C:\Program Files\7-Zip\7z" x Botan-1.10.10.tar.gz
"C:\Program Files\7-Zip\7z" x Botan-1.10.10.tgz
rename Botan-1.10.10 botan-1.10.10-x64
del Botan-1.10.10.t*
cd C:\build\src\botan-1.10.10-x64
"C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" amd64
python configure.py --cc=msvc --cpu=x64 --prefix=C:\build\bin\botan-1.10.10-x64
nmake
nmake check
check.exe --validate
nmake install
```

--------------------------------

### Extract and Build Botan 32-bit

Source: https://github.com/softhsm/softhsmv2/blob/main/WIN32-NOTES.md

Extracts the Botan archive, builds it using MSVC for x86 architecture, and installs it into the specified directory. Requires running configure script as admin.
```batch
cd C:\build\src\
rename Botan-1.10.10.tgz Botan-1.10.10.tar.gz
"C:\Program Files\7-Zip\7z" x Botan-1.10.10.tar.gz
"C:\Program Files\7-Zip\7z" x Botan-1.10.10.tgz
rename Botan-1.10.10 botan-1.10.10-x86
del Botan-1.10.10.t*
cd C:\build\src\botan-1.10.10-x86
"C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat"
python configure.py --cc=msvc --cpu=x86 --prefix=C:\build\bin\botan-1.10.10-x86
nmake
nmake check
check.exe --validate
nmake install
```

--------------------------------

### Define Default Installation Paths

Source: https://github.com/softhsm/softhsmv2/blob/main/CMakeLists.txt

Sets the default system paths for configuration, state, and libraries using GNUInstallDirs. These variables ensure that SoftHSMv2 follows standard filesystem hierarchies unless overridden by the user.

```cmake
if(NOT DEFINED CMAKE_INSTALL_SYSCONFDIR)
    set(CMAKE_INSTALL_SYSCONFDIR "/etc")
endif()
include(GNUInstallDirs)
```

--------------------------------

### Manage PKCS#11 Sessions in C

Source: https://context7.com/softhsm/softhsmv2/llms.txt

This C code snippet illustrates how to manage PKCS#11 sessions. It covers getting a list of available slots, opening a read-write session, logging in with a user PIN, retrieving session information, and finally logging out and closing the session.
```c
CK_RV rv;
CK_SLOT_ID slotList[10];
CK_ULONG slotCount = 10;
CK_SESSION_HANDLE hSession;
CK_SESSION_INFO sessionInfo;

// Get list of slots with tokens
rv = p11->C_GetSlotList(CK_TRUE, slotList, &slotCount);
if (rv != CKR_OK || slotCount == 0) {
    fprintf(stderr, "No tokens found\n");
    return 1;
}

// Open a read-write session
rv = p11->C_OpenSession(slotList[0], CKF_SERIAL_SESSION | CKF_RW_SESSION,
                        NULL_PTR, NULL_PTR, &hSession);
if (rv != CKR_OK) {
    fprintf(stderr, "C_OpenSession failed: 0x%lx\n", rv);
    return 1;
}

// Get session info
rv = p11->C_GetSessionInfo(hSession, &sessionInfo);
if (rv == CKR_OK) {
    printf("Session state: %lu\n", sessionInfo.state);
    printf("Session flags: 0x%lx\n", sessionInfo.flags);
}

// Login as user (sample PIN; do not hard-code a real PIN)
CK_UTF8CHAR userPin[] = "87654321";
rv = p11->C_Login(hSession, CKU_USER, userPin, sizeof(userPin) - 1);
if (rv != CKR_OK) {
    fprintf(stderr, "C_Login failed: 0x%lx\n", rv);
    // Do not continue with an unauthenticated session
    p11->C_CloseSession(hSession);
    return 1;
}

// Perform operations...

// Logout and close session
p11->C_Logout(hSession);
p11->C_CloseSession(hSession);

// Or close all sessions on a slot
p11->C_CloseAllSessions(slotList[0]);
```

--------------------------------

### Verify Xcode Compiler Path

Source: https://github.com/softhsm/softhsmv2/blob/main/OSX-NOTES.md

Checks the current installation path of the Xcode command line tools to ensure the compiler is accessible.

```bash
xcode-select --print-path
```

--------------------------------

### Extract and Build CppUnit 64-bit Unicode Library

Source: https://github.com/softhsm/softhsmv2/blob/main/WIN32-NOTES.md

Extracts the CppUnit archive, rebuilds the solution in Visual Studio with 'Release Unicode\x64' configuration, and copies the resulting libraries and headers to the specified installation directory.
```batch
cd C:\build\src\
"C:\Program Files\7-Zip\7z" x cppunit-1.13.2.tar.gz
"C:\Program Files\7-Zip\7z" x cppunit-1.13.2.tar
rename cppunit-1.13.2 cppunit-1.13.2-x64
del cppunit-1.13.2.tar*
cd C:\build\src\cppunit-1.13.2-x64\src\
rem Open solution C:\build\src\cppunit-1.13.2-x64\src\CppUnitLibraries2010.sln in Visual Studio and rebuild the source with Release Unicode\x64 solution configuration.
mkdir C:\build\bin\cppunit-1.13.2-x64\lib
xcopy C:\build\src\cppunit-1.13.2-x64\lib C:\build\bin\cppunit-1.13.2-x64\lib /E
mkdir C:\build\bin\cppunit-1.13.2-x64\include
xcopy C:\build\src\cppunit-1.13.2-x64\include C:\build\bin\cppunit-1.13.2-x64\include /E
```

--------------------------------

### Extract and Build CppUnit 32-bit Unicode Library

Source: https://github.com/softhsm/softhsmv2/blob/main/WIN32-NOTES.md

Extracts the CppUnit archive, rebuilds the solution in Visual Studio with 'Release Unicode\Win32' configuration, and copies the resulting libraries and headers to the specified installation directory.
```batch
cd C:\build\src\
"C:\Program Files\7-Zip\7z" x cppunit-1.13.2.tar.gz
"C:\Program Files\7-Zip\7z" x cppunit-1.13.2.tar
rename cppunit-1.13.2 cppunit-1.13.2-x86
del cppunit-1.13.2.tar*
cd C:\build\src\cppunit-1.13.2-x86\src\
rem Open solution C:\build\src\cppunit-1.13.2-x86\src\CppUnitLibraries2010.sln in Visual Studio and rebuild the source with Release Unicode\Win32 solution configuration.
mkdir C:\build\bin\cppunit-1.13.2-x86\lib
xcopy C:\build\src\cppunit-1.13.2-x86\lib C:\build\bin\cppunit-1.13.2-x86\lib /E
mkdir C:\build\bin\cppunit-1.13.2-x86\include
xcopy C:\build\src\cppunit-1.13.2-x86\include C:\build\bin\cppunit-1.13.2-x86\include /E
```

--------------------------------

### Create Build Directories

Source: https://github.com/softhsm/softhsmv2/blob/main/WIN32-NOTES.md

Creates the necessary directories for building SoftHSM2 and its dependencies on Windows.

```batch
mkdir C:\build\bin\
mkdir C:\build\src\
```

--------------------------------

### Create Digital Signatures with PKCS#11

Source: https://context7.com/softhsm/softhsmv2/llms.txt

Demonstrates how to initialize and perform digital signatures using RSA-PKCS, RSA-PSS, and ECDSA mechanisms. It requires a valid PKCS#11 session and a loaded private key handle.
```c
CK_RV rv;
CK_BYTE data[] = "Message to be signed";
CK_BYTE signature[512];
CK_ULONG signatureLen = sizeof(signature);

// RSA PKCS#1 v1.5 signature with SHA-256
CK_MECHANISM rsaMechanism = { CKM_SHA256_RSA_PKCS, NULL_PTR, 0 };
rv = p11->C_SignInit(hSession, &rsaMechanism, hPrivateKey);
if (rv == CKR_OK)
    rv = p11->C_Sign(hSession, data, sizeof(data) - 1, signature, &signatureLen);

// RSA-PSS signature
CK_RSA_PKCS_PSS_PARAMS pssParams = { CKM_SHA256, CKG_MGF1_SHA256, 32 };
CK_MECHANISM pssMechanism = { CKM_SHA256_RSA_PKCS_PSS, &pssParams, sizeof(pssParams) };
signatureLen = sizeof(signature);  // C_Sign overwrote it with the previous signature length
rv = p11->C_SignInit(hSession, &pssMechanism, hPrivateKey);
if (rv == CKR_OK)
    rv = p11->C_Sign(hSession, data, sizeof(data) - 1, signature, &signatureLen);

// ECDSA signature
CK_MECHANISM ecdsaMechanism = { CKM_ECDSA_SHA256, NULL_PTR, 0 };
signatureLen = sizeof(signature);  // reset the buffer size again before reuse
rv = p11->C_SignInit(hSession, &ecdsaMechanism, hEcPrivateKey);
if (rv == CKR_OK)
    rv = p11->C_Sign(hSession, data, sizeof(data) - 1, signature, &signatureLen);
```

--------------------------------

### Initialize PKCS#11 Library in C

Source: https://context7.com/softhsm/softhsmv2/llms.txt

This C code demonstrates how to load the SoftHSM PKCS#11 library dynamically using dlopen, retrieve the function list, and initialize the library. This is a prerequisite for any PKCS#11 operations.
```c
#include <stdio.h>
#include <stdlib.h>
#include <dlfcn.h>
#include <pkcs11.h>  // PKCS#11 (Cryptoki) header; its directory must be on the include path

int main(void) {
    void *module;
    CK_FUNCTION_LIST *p11;
    CK_RV rv;
    CK_C_GetFunctionList pGetFunctionList;

    // Load the SoftHSM library
    module = dlopen("/usr/local/lib/softhsm/libsofthsm2.so", RTLD_NOW);
    if (!module) {
        fprintf(stderr, "Failed to load library: %s\n", dlerror());
        return 1;
    }

    // Get the function list
    pGetFunctionList = (CK_C_GetFunctionList)dlsym(module, "C_GetFunctionList");
    if (!pGetFunctionList) {
        fprintf(stderr, "C_GetFunctionList not found: %s\n", dlerror());
        dlclose(module);
        return 1;
    }
    rv = pGetFunctionList(&p11);
    if (rv != CKR_OK) {
        fprintf(stderr, "C_GetFunctionList failed: 0x%lx\n", rv);
        dlclose(module);
        return 1;
    }

    // Initialize PKCS#11
    rv = p11->C_Initialize(NULL_PTR);
    if (rv != CKR_OK) {
        fprintf(stderr, "C_Initialize failed: 0x%lx\n", rv);
        dlclose(module);
        return 1;
    }

    printf("SoftHSM initialized successfully\n");

    // Cleanup
    p11->C_Finalize(NULL_PTR);
    dlclose(module);
    return 0;
}
```

--------------------------------

### Sample SoftHSMv2 Configuration

Source: https://github.com/softhsm/softhsmv2/wiki/Configuration

A sample configuration snippet defining the token storage directory and the object store backend. These settings are typically placed in the softhsm2.conf file.

```text
directories.tokendir = /var/lib/softhsm/tokens/
objectstore.backend = file
```

--------------------------------

### Clone and Configure SoftHSMv2

Source: https://github.com/softhsm/softhsmv2/blob/main/OSX-NOTES.md

Clones the repository and runs the autogen and configure scripts to prepare the build environment.

```bash
git clone https://github.com/opendnssec/SoftHSMv2.git
cd SoftHSMv2
sh ./autogen.sh
./configure --with-objectstore-backend-db --with-openssl=/usr/local/opt/openssl --with-sqlite3=/usr/local/opt/sqlite
```

--------------------------------

### Create Token Directory

Source: https://github.com/softhsm/softhsmv2/wiki/Configuration

Command to create the directory designated for token storage. This must be executed before initializing any tokens in SoftHSMv2.
```bash
mkdir
```

--------------------------------

### Digital Signature Creation

Source: https://context7.com/softhsm/softhsmv2/llms.txt

Demonstrates how to initialize and perform digital signatures using RSA-PKCS, RSA-PSS, and ECDSA mechanisms.

```APIDOC
## C_SignInit / C_Sign

### Description
Initializes a signature operation and generates a digital signature for the provided data using the specified private key and mechanism.

### Method
PKCS#11 Function Call

### Endpoint
C_SignInit(hSession, pMechanism, hKey) followed by C_Sign(hSession, pData, ulDataLen, pSignature, pulSignatureLen)

### Parameters
#### Path Parameters
- **hSession** (CK_SESSION_HANDLE) - Required - The active session handle.
- **pMechanism** (CK_MECHANISM) - Required - The signing mechanism (e.g., CKM_SHA256_RSA_PKCS, CKM_ECDSA_SHA256).
- **hKey** (CK_OBJECT_HANDLE) - Required - The handle to the private key.

### Request Example
CK_MECHANISM mechanism = { CKM_SHA256_RSA_PKCS, NULL_PTR, 0 };
rv = p11->C_SignInit(hSession, &mechanism, hPrivateKey);
rv = p11->C_Sign(hSession, data, dataLen, signature, &signatureLen);

### Response
#### Success Response (CKR_OK)
- **signature** (CK_BYTE[]) - The generated digital signature output.
```

--------------------------------

### Configure SoftHSMv2 Dependencies and Includes

Source: https://github.com/softhsm/softhsmv2/blob/main/src/lib/CMakeLists.txt

This snippet configures the build by adding subdirectories for various modules and setting up include directories. It ensures that all necessary components and their header files are accessible during the build process.
```cmake
add_subdirectory(common)
add_subdirectory(crypto)
add_subdirectory(data_mgr)
add_subdirectory(handle_mgr)
add_subdirectory(object_store)
add_subdirectory(session_mgr)
add_subdirectory(slot_mgr)

set(INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR}/common
                 ${CMAKE_CURRENT_SOURCE_DIR}/crypto
                 ${CMAKE_CURRENT_SOURCE_DIR}/data_mgr
                 ${CMAKE_CURRENT_SOURCE_DIR}/handle_mgr
                 ${CMAKE_CURRENT_SOURCE_DIR}/object_store
                 ${CMAKE_CURRENT_SOURCE_DIR}/pkcs11
                 ${CMAKE_CURRENT_SOURCE_DIR}/session_mgr
                 ${CMAKE_CURRENT_SOURCE_DIR}/slot_mgr
                 ${CRYPTO_INCLUDES}
                 )

include_directories(${INCLUDE_DIRS})
```

--------------------------------

### Extract and Prepare OpenSSL 1.1.0a (64-bit)

Source: https://github.com/softhsm/softhsmv2/blob/main/WIN32-NOTES.md

Extracts the OpenSSL 1.1.0a archive and renames the directory for the 64-bit build. It also cleans up temporary archive files.

```batch
cd C:\build\src\
"C:\Program Files\7-Zip\7z" x openssl-1.1.0a.tar.gz
"C:\Program Files\7-Zip\7z" x openssl-1.1.0a.tar
rename openssl-1.1.0a openssl-1.1.0a-x64
del openssl-1.1.0a.tar*
```

--------------------------------

### Extract and Prepare OpenSSL 1.1.0a (32-bit)

Source: https://github.com/softhsm/softhsmv2/blob/main/WIN32-NOTES.md

Extracts the OpenSSL 1.1.0a archive and renames the directory for the 32-bit build. It also cleans up temporary archive files.

```batch
cd C:\build\src\
"C:\Program Files\7-Zip\7z" x openssl-1.1.0a.tar.gz
"C:\Program Files\7-Zip\7z" x openssl-1.1.0a.tar
rename openssl-1.1.0a openssl-1.1.0a-x86
del openssl-1.1.0a.tar*
```

--------------------------------

### Key Wrapping and Unwrapping (C)

Source: https://context7.com/softhsm/softhsmv2/llms.txt

Demonstrates securely exporting keys using wrapping (encryption) and importing wrapped keys using unwrapping. It utilizes mechanisms like AES-CBC for the wrapping process and specifies attributes for the unwrapped key.
```c
CK_RV rv;
CK_BYTE wrappedKey[4096];
CK_ULONG wrappedKeyLen = sizeof(wrappedKey);
CK_BYTE iv[16] = { 0 };

// Use a fresh random IV for each wrap instead of an all-zero one;
// store it with the wrapped key, since unwrapping needs the same IV
rv = p11->C_GenerateRandom(hSession, iv, sizeof(iv));

// Wrap a key using AES-CBC
CK_MECHANISM wrapMechanism = { CKM_AES_CBC_PAD, iv, sizeof(iv) };
rv = p11->C_WrapKey(hSession, &wrapMechanism,
                    hWrappingKey,   // AES key used for wrapping
                    hKeyToWrap,     // Key to be wrapped (exported)
                    wrappedKey, &wrappedKeyLen);
if (rv == CKR_OK) {
    printf("Key wrapped successfully (%lu bytes)\n", wrappedKeyLen);
}

// Unwrap a key
CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
CK_KEY_TYPE keyType = CKK_AES;
CK_ULONG keyLen = 32;
CK_BBOOL bTrue = CK_TRUE;
CK_BYTE label[] = "Unwrapped AES Key";
CK_OBJECT_HANDLE hUnwrappedKey;

CK_ATTRIBUTE unwrapTemplate[] = {
    { CKA_CLASS, &keyClass, sizeof(keyClass) },
    { CKA_KEY_TYPE, &keyType, sizeof(keyType) },
    { CKA_VALUE_LEN, &keyLen, sizeof(keyLen) },
    { CKA_TOKEN, &bTrue, sizeof(bTrue) },
    { CKA_LABEL, label, sizeof(label) - 1 },
    { CKA_ENCRYPT, &bTrue, sizeof(bTrue) },
    { CKA_DECRYPT, &bTrue, sizeof(bTrue) }
};

rv = p11->C_UnwrapKey(hSession, &wrapMechanism,
                      hUnwrappingKey,   // Key used for unwrapping
                      wrappedKey, wrappedKeyLen,
                      unwrapTemplate, sizeof(unwrapTemplate) / sizeof(CK_ATTRIBUTE),
                      &hUnwrappedKey);
if (rv == CKR_OK) {
    printf("Key unwrapped successfully: %lu\n", hUnwrappedKey);
}
```

--------------------------------

### Extract and Prepare OpenSSL 1.0.2d (64-bit)

Source: https://github.com/softhsm/softhsmv2/blob/main/WIN32-NOTES.md

Extracts the OpenSSL 1.0.2d archive and renames the directory for the 64-bit build. It also cleans up temporary archive files.

```batch
cd C:\build\src\
"C:\Program Files\7-Zip\7z" x openssl-1.0.2d.tar.gz
"C:\Program Files\7-Zip\7z" x openssl-1.0.2d.tar
rename openssl-1.0.2d openssl-1.0.2d-x64
del openssl-1.0.2d.tar*
```

--------------------------------

### Extract and Prepare OpenSSL 1.0.2d (32-bit)

Source: https://github.com/softhsm/softhsmv2/blob/main/WIN32-NOTES.md

Extracts the OpenSSL 1.0.2d archive and renames the directory for the 32-bit build.
It also cleans up temporary archive files.

```batch
cd C:\build\src\
"C:\Program Files\7-Zip\7z" x openssl-1.0.2d.tar.gz
"C:\Program Files\7-Zip\7z" x openssl-1.0.2d.tar
rename openssl-1.0.2d openssl-1.0.2d-x86
del openssl-1.0.2d.tar*
```

--------------------------------

### Verify OpenSSL Signature (Common Step)

Source: https://github.com/softhsm/softhsmv2/blob/main/WIN32-NOTES.md

Verifies the integrity of the downloaded OpenSSL archive using GPG. This step is common for both OpenSSL versions.

```batch
cd C:\build\src\
gpg --keyserver pgp.mit.edu --recv-keys 0E604491
gpg --verify openssl-1.0.2d.tar.gz.asc openssl-1.0.2d.tar.gz
```

--------------------------------

### Download and Verify SoftHSMv2 Source

Source: https://github.com/softhsm/softhsmv2/blob/main/WIN32-NOTES.md

Downloads the SoftHSMv2 source archive, verifies its signature using GPG, extracts the archive, and renames the extracted directory. Alternatively, it clones the repository from GitHub.

```batch
cd C:\build\src\
gpg --keyserver pgp.surfnet.nl --recv-keys 4FCB0B94
gpg --verify softhsm-2.x.y.tar.gz.sig softhsm-2.x.y.tar.gz
"C:\Program Files\7-Zip\7z" x softhsm-2.x.y.tar.gz
"C:\Program Files\7-Zip\7z" x softhsm-2.x.y.tar
rename softhsm-2.x.y SoftHSMv2
del softhsm-2.x.y.tar*

rem Alternatively, clone the repository from GitHub
cd C:\build\src\
git clone https://github.com/opendnssec/SoftHSMv2.git
```

--------------------------------

### Initialize SoftHSMv2 Token

Source: https://github.com/softhsm/softhsmv2/blob/main/README.md

Initializes a new PKCS#11 token on a specific slot using the softhsm2-util utility. The process requires the user to provide a Security Officer (SO) PIN and a user PIN for token management.

```bash
softhsm2-util --init-token --slot 0 --label "My token 1"
```

--------------------------------

### Perform AES Encryption and Decryption

Source: https://context7.com/softhsm/softhsmv2/llms.txt

Illustrates AES encryption and decryption using CBC and GCM modes.
Includes initialization vector generation and handling of additional authenticated data for GCM.

```c
CK_RV rv;
CK_BYTE plaintext[] = "Sensitive data to encrypt";
CK_BYTE iv[16] = { 0 };
CK_BYTE ciphertext[256];
CK_ULONG ciphertextLen = sizeof(ciphertext);

// AES-CBC encryption with a random IV
rv = p11->C_GenerateRandom(hSession, iv, sizeof(iv));
CK_MECHANISM cbcMechanism = { CKM_AES_CBC_PAD, iv, sizeof(iv) };
rv = p11->C_EncryptInit(hSession, &cbcMechanism, hAesKey);
// sizeof(plaintext) - 1 excludes the terminating NUL, as in the GCM call below
rv = p11->C_Encrypt(hSession, plaintext, sizeof(plaintext) - 1, ciphertext, &ciphertextLen);

// AES-GCM encryption
CK_BYTE aad[] = "Additional authenticated data";
CK_BYTE gcmIv[12] = { 0 };
// A GCM IV must never repeat under the same key, so generate it rather than leaving it zeroed
rv = p11->C_GenerateRandom(hSession, gcmIv, sizeof(gcmIv));
CK_GCM_PARAMS gcmParams = {
    gcmIv, sizeof(gcmIv), 96,
    aad, sizeof(aad) - 1,
    128
};
CK_MECHANISM gcmMechanism = { CKM_AES_GCM, &gcmParams, sizeof(gcmParams) };
ciphertextLen = sizeof(ciphertext);  // reset: the CBC call overwrote it with its output length
rv = p11->C_EncryptInit(hSession, &gcmMechanism, hAesKey);
rv = p11->C_Encrypt(hSession, plaintext, sizeof(plaintext) - 1, ciphertext, &ciphertextLen);
```

--------------------------------

### Configure SoftHSMv2 Object Store Test Build

Source: https://github.com/softhsm/softhsmv2/blob/main/src/lib/object_store/test/CMakeLists.txt

This CMake script defines the include directories, source files, and library dependencies required to build the object store test suite. It conditionally includes database-related test files based on the WITH_OBJECTSTORE_BACKEND_DB flag.

```cmake
project(objstoretest)

set(INCLUDE_DIRS ${PROJECT_SOURCE_DIR}/..
                 ${PROJECT_SOURCE_DIR}/../..
                 ${PROJECT_SOURCE_DIR}/../../common
                 ${PROJECT_SOURCE_DIR}/../../crypto
                 ${PROJECT_SOURCE_DIR}/../../data_mgr
                 ${PROJECT_SOURCE_DIR}/../../pkcs11
                 ${PROJECT_SOURCE_DIR}/../../session_mgr
                 ${PROJECT_SOURCE_DIR}/../../slot_mgr
                 ${CRYPTO_INCLUDES}
                 )

set(SOURCES objstoretest.cpp
            DirectoryTests.cpp
            UUIDTests.cpp
            FileTests.cpp
            ObjectFileTests.cpp
            OSTokenTests.cpp
            ObjectStoreTests.cpp
            SessionObjectTests.cpp
            SessionObjectStoreTests.cpp
            )

if(WITH_OBJECTSTORE_BACKEND_DB)
    list(APPEND SOURCES DBTests.cpp
                        DBObjectTests.cpp
                        DBTokenTests.cpp
                        DBObjectStoreTests.cpp
                        )
endif(WITH_OBJECTSTORE_BACKEND_DB)

include_directories(${INCLUDE_DIRS})
add_executable(${PROJECT_NAME} ${SOURCES})
target_link_libraries(${PROJECT_NAME} softhsm2-static ${CRYPTO_LIBS} ${CPPUNIT_LIBRARIES} ${SQLITE3_LIBS})
target_compile_options(${PROJECT_NAME} PRIVATE ${COMPILE_OPTIONS})

add_test(${PROJECT_NAME} ${PROJECT_NAME})
```

--------------------------------

### Run SoftHSMv2 Tests

Source: https://github.com/softhsm/softhsmv2/blob/main/CMAKE-NOTES.md

Executes the tests for SoftHSMv2 from within the build directory using the ctest command with verbose output.

```bash
cd build
ctest -V
```

--------------------------------

### Configure SoftHSMv2 Build with CMake

Source: https://github.com/softhsm/softhsmv2/blob/main/CMAKE-NOTES.md

Configures the SoftHSMv2 build using CMake. Options allow enabling tests, disabling non-paged memory, enabling EDDSA and ML-DSA support, building the migration tool, and selecting a crypto backend (OpenSSL or Botan).

```bash
cmake -H. -Bbuild \
    -DBUILD_TESTS=ON \
    -DDISABLE_NON_PAGED_MEMORY=ON \
    -DENABLE_EDDSA=ON \
    -DENABLE_MLDSA=ON \
    -DWITH_MIGRATE=ON \
    -DWITH_CRYPTO_BACKEND=openssl
```

--------------------------------

### Signature Verification

Source: https://context7.com/softhsm/softhsmv2/llms.txt

Demonstrates how to verify a digital signature against original data using a public key.
```APIDOC
## C_VerifyInit / C_Verify

### Description
Initializes a verification operation and checks the validity of a signature against the original data using the provided public key.

### Method
PKCS#11 Function Call

### Endpoint
C_VerifyInit(hSession, pMechanism, hKey) followed by C_Verify(hSession, pData, ulDataLen, pSignature, ulSignatureLen)

### Parameters
#### Path Parameters
- **hSession** (CK_SESSION_HANDLE) - Required - The active session handle.
- **pMechanism** (CK_MECHANISM) - Required - The verification mechanism.
- **hKey** (CK_OBJECT_HANDLE) - Required - The handle to the public key.

### Request Example
CK_MECHANISM mechanism = { CKM_SHA256_RSA_PKCS, NULL_PTR, 0 };
rv = p11->C_VerifyInit(hSession, &mechanism, hPublicKey);
rv = p11->C_Verify(hSession, data, dataLen, signature, signatureLen);

### Response
#### Success Response (CKR_OK)
- **Status** (Boolean) - Returns CKR_OK if valid, CKR_SIGNATURE_INVALID if invalid.
```

--------------------------------

### Configure SoftHSMv2 Build Options

Source: https://github.com/softhsm/softhsmv2/blob/main/CMakeLists.txt

Defines the primary build options for the SoftHSMv2 project, allowing users to toggle features like ECC support, static library building, and database backend integration. These options are processed during the CMake configuration phase to determine which components are compiled.

```cmake
option(BUILD_TESTS "Compile tests along with libraries" OFF)
option(ENABLE_ECC "Enable support for ECC" ON)
option(ENABLE_STATIC "Build static libraries" ON)
set(WITH_CRYPTO_BACKEND "openssl" CACHE STRING "Select crypto backend (openssl|botan)")
```

--------------------------------

### Configure CMake Build for SoftHSMv2 Test Suite

Source: https://github.com/softhsm/softhsmv2/blob/main/src/lib/test/CMakeLists.txt

This CMake script sets up the build environment for the p11test project.
It handles source file aggregation, platform-specific compiler definitions for Windows and POSIX, and links necessary libraries like SoftHSM2 and CppUnit.

```cmake
project(p11test)

set(INCLUDE_DIRS ${PROJECT_SOURCE_DIR}
                 ${PROJECT_SOURCE_DIR}/..
                 ${PROJECT_SOURCE_DIR}/../common
                 ${PROJECT_SOURCE_DIR}/../pkcs11
                 ${CPPUNIT_INCLUDES})

if (WIN32)
    set(INCLUDE_DIRS ${INCLUDE_DIRS} ${PROJECT_SOURCE_DIR}/../win32)
endif (WIN32)

set(SOURCES p11test.cpp
            SymmetricAlgorithmTests.cpp
            DigestTests.cpp
            InitTests.cpp
            InfoTests.cpp
            RandomTests.cpp
            SessionTests.cpp
            TokenTests.cpp
            UserTests.cpp
            ObjectTests.cpp
            DeriveTests.cpp
            SignVerifyTests.cpp
            AsymEncryptDecryptTests.cpp
            AsymWrapUnwrapTests.cpp
            TestsBase.cpp
            TestsNoPINInitBase.cpp
            ../common/log.cpp
            ../common/osmutex.cpp)

add_executable(${PROJECT_NAME} ${SOURCES})

if(CMAKE_CXX_COMPILER_ID STREQUAL "MSVC")
    target_sources(${PROJECT_NAME} PRIVATE
                   ${PROJECT_SOURCE_DIR}/../win32/setenv.cpp
                   ${PROJECT_SOURCE_DIR}/../win32/syslog.cpp)
    list(APPEND COMPILE_OPTIONS "/DCRYPTOKI_STATIC")
else()
    target_sources(${PROJECT_NAME} PRIVATE "ForkTests.cpp")
    set_target_properties(${PROJECT_NAME} PROPERTIES LINK_FLAGS -pthread)
endif()

include_directories(${INCLUDE_DIRS})
target_link_libraries(${PROJECT_NAME} softhsm2-static ${SQLITE3_LIBS} ${CPPUNIT_LIBRARIES})
target_compile_options(${PROJECT_NAME} PRIVATE ${COMPILE_OPTIONS})

add_test(NAME ${PROJECT_NAME}
         COMMAND ${PROJECT_NAME}
         WORKING_DIRECTORY ${PROJECT_BINARY_DIR})
```

--------------------------------

### Verify SoftHSMv2 Build with Test Suites

Source: https://github.com/softhsm/softhsmv2/blob/main/WIN32-NOTES.md

Executables used to verify the integrity of the compiled SoftHSMv2 binaries after the build process.
```batch
C:\build\src\SoftHSMv2\win32\Release\cryptotest.exe
C:\build\src\SoftHSMv2\win32\Release\datamgrtest.exe
C:\build\src\SoftHSMv2\win32\Release\handlemgrtest.exe
C:\build\src\SoftHSMv2\win32\Release\objstoretest.exe
C:\build\src\SoftHSMv2\win32\Release\p11test.exe
C:\build\src\SoftHSMv2\win32\Release\sessionmgrtest.exe
C:\build\src\SoftHSMv2\win32\Release\slotmgrtest.exe
```

--------------------------------

### Define SoftHSMv2 Source Files and Static Libraries

Source: https://github.com/softhsm/softhsmv2/blob/main/src/lib/CMakeLists.txt

This section defines the source files for the project and lists the names of static libraries to be linked. It also includes conditional logic for older CMake versions to handle object library linking and dependencies.

```cmake
set(SOURCES access.cpp
            main.cpp
            P11Attributes.cpp
            P11Objects.cpp
            SoftHSM.cpp
            )

set(STATIC_FILES softhsm_common
                 softhsm_crypto
                 softhsm_datamgr
                 softhsm_handlemgr
                 softhsm_objectstore
                 softhsm_sessionmgr
                 softhsm_slotmgr
                 )

if(CMAKE_VERSION VERSION_LESS "3.12")
    # Older CMake versions cannot link object libraries to a target, so pass
    # the associated object files as source. Similarly, softhsm_crypto and
    # softhsm_objectstore object library dependencies cannot be propagated
    # so as a workaround explicitly specify it here.
    foreach(libname IN LISTS STATIC_FILES)
        list(APPEND SOURCES $<TARGET_OBJECTS:${libname}>)
    endforeach()
    # Older CMake versions forbid library dependencies on object libraries,
    # therefore repeat softhsm_crypto and softhsm_objectstore dependencies.
    set(STATIC_FILES ${CRYPTO_LIBS} ${SQLITE3_LIBS})
endif()

if(CMAKE_CXX_COMPILER_ID STREQUAL "MSVC")
    list(APPEND INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR}/win32)
    list(APPEND STATIC_FILES "Ws2_32.lib;Crypt32.lib")
ENDIF()
```

--------------------------------

### AES Encryption and Decryption

Source: https://context7.com/softhsm/softhsmv2/llms.txt

Demonstrates symmetric encryption and decryption using AES in CBC and GCM modes.
```APIDOC
## C_EncryptInit / C_Encrypt / C_Decrypt

### Description
Performs symmetric encryption or decryption of data using AES mechanisms such as CBC or GCM.

### Method
PKCS#11 Function Call

### Endpoint
C_EncryptInit/C_DecryptInit followed by C_Encrypt/C_Decrypt

### Parameters
#### Path Parameters
- **hSession** (CK_SESSION_HANDLE) - Required - The active session handle.
- **pMechanism** (CK_MECHANISM) - Required - AES mechanism (e.g., CKM_AES_CBC_PAD, CKM_AES_GCM).
- **hKey** (CK_OBJECT_HANDLE) - Required - The handle to the AES key.

### Request Example
CK_MECHANISM cbcMechanism = { CKM_AES_CBC_PAD, iv, sizeof(iv) };
rv = p11->C_EncryptInit(hSession, &cbcMechanism, hAesKey);
rv = p11->C_Encrypt(hSession, plaintext, len, ciphertext, &cLen);

### Response
#### Success Response (CKR_OK)
- **output** (CK_BYTE[]) - The encrypted or decrypted data buffer.
```

--------------------------------

### Compile SoftHSMv2 Source Code

Source: https://github.com/softhsm/softhsmv2/blob/main/CMAKE-NOTES.md

Compiles the SoftHSMv2 source code from the build directory using the make utility.

```bash
make -C build
```

--------------------------------

### Configure SoftHSMv2 Object Store Library

Source: https://github.com/softhsm/softhsmv2/blob/main/src/lib/object_store/CMakeLists.txt

This CMake configuration defines the source files and include directories for the object store library. It conditionally includes database-related source files and platform-specific headers for MSVC.
```cmake
project(softhsm_objectstore)

set(INCLUDE_DIRS ${PROJECT_SOURCE_DIR}
                 ${PROJECT_SOURCE_DIR}/../common
                 ${PROJECT_SOURCE_DIR}/../crypto
                 ${PROJECT_SOURCE_DIR}/../data_mgr
                 ${PROJECT_SOURCE_DIR}/../pkcs11
                 ${SQLITE3_INCLUDES}
                 )

set(SOURCES Directory.cpp
            File.cpp
            FindOperation.cpp
            Generation.cpp
            ObjectFile.cpp
            ObjectStore.cpp
            ObjectStoreToken.cpp
            OSAttribute.cpp
            OSToken.cpp
            SessionObject.cpp
            SessionObjectStore.cpp
            UUID.cpp)

if(WITH_OBJECTSTORE_BACKEND_DB)
    list(APPEND SOURCES DB.cpp
                        DBObject.cpp
                        DBToken.cpp)
endif(WITH_OBJECTSTORE_BACKEND_DB)

if(CMAKE_CXX_COMPILER_ID STREQUAL "MSVC")
    list(APPEND INCLUDE_DIRS ${PROJECT_SOURCE_DIR}/../win32)
endif()

include_directories(${INCLUDE_DIRS})
add_library(${PROJECT_NAME} OBJECT ${SOURCES})
target_compile_options(${PROJECT_NAME} PRIVATE ${COMPILE_OPTIONS})

if(NOT CMAKE_VERSION VERSION_LESS "3.12")
    target_link_libraries(${PROJECT_NAME} ${SQLITE3_LIBS})
endif()

if(BUILD_TESTS)
    add_subdirectory(test)
endif(BUILD_TESTS)
```

--------------------------------

### Configure SoftHSM2 Utility Build with CMake

Source: https://github.com/softhsm/softhsmv2/blob/main/src/bin/util/CMakeLists.txt

This CMake script defines the include directories, source files, and linking requirements for the softhsm2-util executable. It dynamically adjusts sources based on the selected cryptographic backend and compiler environment.
```cmake
project(softhsm2-util)

set(INCLUDE_DIRS ${PROJECT_SOURCE_DIR}/../common
                 ${PROJECT_SOURCE_DIR}/../../lib/common
                 ${PROJECT_SOURCE_DIR}/../../lib/crypto
                 ${PROJECT_SOURCE_DIR}/../../lib/data_mgr
                 ${PROJECT_SOURCE_DIR}/../../lib/object_store
                 ${PROJECT_SOURCE_DIR}/../../lib/pkcs11
                 ${CRYPTO_INCLUDES}
                 ${SQLITE3_INCLUDES}
                 )

set(SOURCES softhsm2-util.cpp
            ${PROJECT_SOURCE_DIR}/../common/findslot.cpp
            ${PROJECT_SOURCE_DIR}/../common/getpw.cpp
            ${PROJECT_SOURCE_DIR}/../common/library.cpp
            )

if(WITH_OPENSSL)
    list(APPEND SOURCES softhsm2-util-ossl.cpp
                        ${PROJECT_SOURCE_DIR}/../../lib/crypto/OSSLComp.cpp
                        )
endif(WITH_OPENSSL)

if(WITH_BOTAN)
    list(APPEND SOURCES softhsm2-util-botan.cpp)
endif(WITH_BOTAN)

if(CMAKE_CXX_COMPILER_ID STREQUAL "MSVC")
    list(APPEND INCLUDE_DIRS ${PROJECT_SOURCE_DIR}/../../lib/win32
                             ${CMAKE_CURRENT_SOURCE_DIR}/../win32)
    list(APPEND SOURCES ${CMAKE_CURRENT_SOURCE_DIR}/../win32/getopt.cpp)
endif()

include_directories(${INCLUDE_DIRS})
add_executable(${PROJECT_NAME} ${SOURCES})
target_link_libraries(${PROJECT_NAME} softhsm2-static ${CRYPTO_LIBS} ${SQLITE3_LIBS} ${CMAKE_DL_LIBS})
target_compile_options(${PROJECT_NAME} PRIVATE ${COMPILE_OPTIONS})

install(TARGETS ${PROJECT_NAME}
        DESTINATION ${CMAKE_INSTALL_BINDIR}
        )
install(FILES ${PROJECT_NAME}.1
        DESTINATION ${CMAKE_INSTALL_MANDIR}/man1
        )
```

--------------------------------

### C++ Wrapper for Compiling .c Files as C

Source: https://github.com/softhsm/softhsmv2/blob/main/FIPS-NOTES.md

This shell script acts as a wrapper to ensure that .c files are compiled as C code when using a C++ compiler, preventing potential issues and warnings. It inserts '-x c' and '-x none' flags around .c files in the compilation command.
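```shell
#!/bin/sh
# Wrapper around g++: .c arguments are compiled as C, all others pass through.

commands="g++"

# Plain concatenation is used because "+=" is not available in POSIX sh.
for elem in "$@"
do
    case $elem in
    *.c) commands="$commands -x c $elem -x none";;
    *) commands="$commands $elem";;
    esac
done

# Relies on word splitting, so arguments containing whitespace are not preserved.
exec $commands
```

--------------------------------

### Verify Digital Signatures with PKCS#11

Source: https://context7.com/softhsm/softhsmv2/llms.txt

Shows the process of verifying a digital signature using a public key. It checks the signature against the original data and returns the verification status.

```c
/* Fragment: p11, hSession and hPublicKey are set up earlier, and
 * signature / signatureLen hold the output of the signing step. */
CK_RV rv;
CK_BYTE data[] = "Message to be signed";
CK_BYTE signature[512];
CK_ULONG signatureLen;

CK_MECHANISM mechanism = { CKM_SHA256_RSA_PKCS, NULL_PTR, 0 };

rv = p11->C_VerifyInit(hSession, &mechanism, hPublicKey);
if (rv != CKR_OK) {
    printf("C_VerifyInit failed: 0x%lx\n", (unsigned long)rv);
} else {
    /* sizeof(data) - 1 excludes the terminating NUL of the string literal */
    rv = p11->C_Verify(hSession, data, sizeof(data) - 1, signature, signatureLen);
    if (rv == CKR_OK) {
        printf("Signature verification: VALID\n");
    } else if (rv == CKR_SIGNATURE_INVALID) {
        printf("Signature verification: INVALID\n");
    } else {
        /* Any other return value is an error, not a verification result */
        printf("C_Verify failed: 0x%lx\n", (unsigned long)rv);
    }
}
```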
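
Added example (not part of the SoftHSMv2 documentation): a fail-closed wrapper around the C_VerifyInit / C_Verify sequence above that keeps "signature invalid" separate from "token error", so that only CKR_OK from both calls is ever treated as valid. The typedefs stand in for pkcs11.h, and `verify_sig`, `p11_fns`, `demo` and the stub token are hypothetical names constructed for this illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-ins for the pkcs11.h names used here (values as PKCS#11 defines them). */
typedef unsigned long CK_RV, CK_ULONG, CK_SESSION_HANDLE, CK_OBJECT_HANDLE;
typedef unsigned char CK_BYTE;
typedef struct { CK_ULONG mechanism; void *pParameter; CK_ULONG ulParameterLen; } CK_MECHANISM;
enum { CKR_OK = 0x00, CKR_KEY_HANDLE_INVALID = 0x60, CKR_SIGNATURE_INVALID = 0xC0,
       CKR_SIGNATURE_LEN_RANGE = 0xC1, CKM_SHA256_RSA_PKCS = 0x40 };
typedef struct {                     /* the two CK_FUNCTION_LIST members used */
    CK_RV (*C_VerifyInit)(CK_SESSION_HANDLE, CK_MECHANISM *, CK_OBJECT_HANDLE);
    CK_RV (*C_Verify)(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG, CK_BYTE *, CK_ULONG);
} p11_fns;
typedef enum { SIG_VALID, SIG_INVALID, SIG_ERROR } sig_result;

/* Hypothetical helper: only CKR_OK from both calls counts as a valid signature. */
sig_result verify_sig(const p11_fns *p11, CK_SESSION_HANDLE s, CK_OBJECT_HANDLE key,
                      CK_BYTE *data, CK_ULONG len, CK_BYTE *sig, CK_ULONG sig_len)
{
    CK_MECHANISM mech = { CKM_SHA256_RSA_PKCS, NULL, 0 };
    if (p11->C_VerifyInit(s, &mech, key) != CKR_OK)
        return SIG_ERROR;                 /* do not call C_Verify after a failed init */
    switch (p11->C_Verify(s, data, len, sig, sig_len)) {
    case CKR_OK:                  return SIG_VALID;
    case CKR_SIGNATURE_INVALID:
    case CKR_SIGNATURE_LEN_RANGE: return SIG_INVALID;
    default:                      return SIG_ERROR;   /* token fault, not a verdict */
    }
}

/* Constructed stub: key 7 exists, signatures are 256 bytes, a good one starts with data[0]. */
static CK_RV stub_init(CK_SESSION_HANDLE s, CK_MECHANISM *m, CK_OBJECT_HANDLE k)
{ (void)s; (void)m; return k == 7 ? CKR_OK : CKR_KEY_HANDLE_INVALID; }
static CK_RV stub_verify(CK_SESSION_HANDLE s, CK_BYTE *d, CK_ULONG n, CK_BYTE *sig, CK_ULONG sn)
{
    (void)s;
    if (sn != 256) return CKR_SIGNATURE_LEN_RANGE;
    return (n > 0 && sig[0] == d[0]) ? CKR_OK : CKR_SIGNATURE_INVALID;
}
static const p11_fns STUB = { stub_init, stub_verify };

/* Run the helper against the stub with a constructed signature buffer. */
sig_result demo(CK_OBJECT_HANDLE key, CK_BYTE first_sig_byte, CK_ULONG sig_len)
{
    CK_BYTE data[] = "Message to be signed", sig[256] = { 0 };
    sig[0] = first_sig_byte;
    return verify_sig(&STUB, 1, key, data, sizeof(data) - 1, sig, sig_len);
}

int main(void) { printf("%d %d\n", (int)demo(7, 'M', 256), (int)demo(9, 'M', 256)); return 0; }
```

With the real header, drop the stand-in typedefs and pass the two function pointers from the library's function list. Log SIG_ERROR separately from SIG_INVALID, since a run of token errors points at an availability or configuration problem rather than forged input.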