/Pkcs11Interop

Managed .NET wrapper for unmanaged PKCS#11 libraries

Primary LanguageC#Apache License 2.0Apache-2.0

Pkcs11Interop

Managed .NET wrapper for unmanaged PKCS#11 libraries

License AppVeyor NuGet Stack Overflow Twitter

Table of Contents

Overview

PKCS#11 is cryptography standard maintained by the OASIS PKCS 11 Technical Committee (originally published by RSA Laboratories) that defines ANSI C API to access smart cards and other types of cryptographic hardware.

Pkcs11Interop is managed library written in C# that brings full power of PKCS#11 API to the .NET environment. It loads unmanaged PKCS#11 library provided by the cryptographic device vendor and makes its functions accessible to .NET application.

Following figure presents the typical usage of Pkcs11Interop library in .NET application:

Pkcs11Interop architecture

Pkcs11Interop library:

  • implements .NET wrapper for unmanaged PKCS#11 libraries
  • is compliant with PKCS#11 v2.40 specification and PKCS#11 URI scheme defined in RFC 7512
  • is compatible with .NET Framework 2.0 and higher, .NET Core, Mono and Xamarin
  • is supported on Windows, Linux, Mac OS X, Android and iOS
  • is supported on both 32-bit and 64-bit platforms
  • is open source and completely free for commercial use
  • is used in production by several information security and financial organizations
  • uses 100% managed and fully documented code
  • contains code samples covering all methods of PKCS#11 API

Pkcs11Interop has been confirmed to be working with the following devices:

  • Atos CardOS (former Siemens CardOS) smartcard
  • Thales nShield Solo (former nCipher nShield) HSM
  • SoftHSM (virtual HSM from OpenDNSSEC project)
  • Feitian ePass 2003 token
  • SafeNet ProtectServer HSM
  • SafeNet Luna SA HSM
  • Utimaco CryptoServer HSM
  • Belgian and Slovak eID cards
  • SmartCard-HSM

Documentation

It is highly recommended that before you start using Pkcs11Interop you get familiar at least with "Chapter 2 - Scope", "Chapter 6 - General overview" and "Chapter 10 - Objects" of PKCS#11 v2.20 specification (or equivalent chapters of any previous or subsequent specification version).

Pkcs11Interop API is fully documented with the inline XML documentation that is displayed by the most of the modern IDEs during the application development. Detailed Pkcs11Interop API documentation is also available online.

Following topics are covered by standalone documents:

Download

Archives with the source code and binaries can be downloaded from our releases page. Official NuGet packages are published in nuget.org repository. All official items are signed with GnuPG key or code-signing certificate of Jaroslav Imrich and announced via public mailing list.

License

Pkcs11Interop is available under the terms of the Apache License, Version 2.0.
Human friendly license summary is available at tldrlegal.com but the full license text always prevails.

Support

If you need help please pick one of the options that best suits your needs:

Related projects

  • Pkcs11Admin
    GUI tool for administration of PKCS#11 enabled devices based on Pkcs11Interop library.
  • PKCS11-LOGGER
    PKCS#11 logging proxy module useful for debugging of PKCS#11 enabled applications.
  • SoftHSM2-for-Windows
    Pure software implementation of a cryptographic store accessible through a PKCS#11 interface.

About

Pkcs11Interop has been written by Jaroslav Imrich.
Please visit project website - pkcs11interop.net - for more information.