{"id":13474388,"url":"https://github.com/mheese/rust-pkcs11","last_synced_at":"2026-04-02T01:36:33.576Z","repository":{"id":26771401,"uuid":"109721397","full_name":"mheese/rust-pkcs11","owner":"mheese","description":"Rust PKCS#11 Library","archived":false,"fork":false,"pushed_at":"2022-10-27T07:10:32.000Z","size":759,"stargazers_count":75,"open_issues_count":0,"forks_count":31,"subscribers_count":10,"default_branch":"master","last_synced_at":"2026-01-02T08:46:39.204Z","etag":null,"topics":["cryptoki","deprecated","deprecated-library","deprecated-repo","deprecated-repository","pkcs11","rust","rust-ffi","rust-library"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mheese.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-11-06T16:36:09.000Z","updated_at":"2025-08-25T04:35:09.000Z","dependencies_parsed_at":"2022-07-27T08:52:14.282Z","dependency_job_id":null,"html_url":"https://github.com/mheese/rust-pkcs11","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/mheese/rust-pkcs11","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mheese%2Frust-pkcs11","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mheese%2Frust-pkcs11/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mheese%2Frust-pkcs11/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mheese%2Frust-pkcs11/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mheese","download_url":"https://codeload.github.com/mheese/rust-pkcs11/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mheese%2Frust-pkcs11/sbom","scorecard":{"id":639974,"data":{"date":"2025-08-11","repo":{"name":"github.com/mheese/rust-pkcs11","commit":"a49de50f8400e50655660b66b2e56b604fc6a19e"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.1,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":3,"reason":"Found 3/10 approved changesets -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/audit.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/mheese/rust-pkcs11/audit.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/mheese/rust-pkcs11/coverage.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linux.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/mheese/rust-pkcs11/linux.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/macos.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/mheese/rust-pkcs11/macos.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/windows.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/mheese/rust-pkcs11/windows.yml/master?enable=pin","Warn: downloadThenRun not pinned by hash: .github/workflows/coverage.yml:31","Info:   0 out of   5 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/audit.yml:1","Warn: no topLevel permission defined: .github/workflows/coverage.yml:1","Warn: no topLevel permission defined: .github/workflows/linux.yml:1","Warn: no topLevel permission defined: .github/workflows/macos.yml:1","Warn: no topLevel permission defined: .github/workflows/windows.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 26 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-21T10:27:13.447Z","repository_id":26771401,"created_at":"2025-08-21T10:27:13.447Z","updated_at":"2025-08-21T10:27:13.447Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31293973,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-02T01:05:07.454Z","status":"ssl_error","status_checked_at":"2026-04-02T00:56:46.496Z","response_time":53,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptoki","deprecated","deprecated-library","deprecated-repo","deprecated-repository","pkcs11","rust","rust-ffi","rust-library"],"created_at":"2024-07-31T16:01:11.993Z","updated_at":"2026-04-02T01:36:33.557Z","avatar_url":"https://github.com/mheese.png","language":"Rust","funding_links":[],"categories":["Rust"],"sub_categories":[],"readme":"\u003c!--\nCopyright 2017 Marcus Heese\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n--\u003e\n\n# Rust PKCS#11 Library\n\n**!!!!!**\n\n**NOTE:** The repository is unmaintained. Please switch to [cryptoki](https://github.com/parallaxsecond/rust-cryptoki)! Thanks again to everybody who has contributed in the past. Unfortunately, I simply don't have the bandwidth to maintain this in my spare/free time anymore.\n\n**!!!!!**\n\n\n![maintenance-status](https://img.shields.io/badge/maintenance-deprecated-red.svg)\n[![Latest version](https://img.shields.io/crates/v/pkcs11.svg)](https://crates.io/crates/pkcs11)\n[![Documentation](https://docs.rs/pkcs11/badge.svg)](https://docs.rs/pkcs11)\n![Build status](https://github.com/mheese/rust-pkcs11/workflows/Linux/badge.svg)\n![Build status](https://github.com/mheese/rust-pkcs11/workflows/macOS/badge.svg)\n![Build status](https://github.com/mheese/rust-pkcs11/workflows/Windows/badge.svg)\n![Build status](https://github.com/mheese/rust-pkcs11/workflows/Audit/badge.svg)\n[![codecov](https://codecov.io/gh/mheese/rust-pkcs11/branch/master/graph/badge.svg)](https://codecov.io/gh/mheese/rust-pkcs11)\n![License](https://img.shields.io/crates/l/pkcs11.svg)\n\nThis is a library which brings support for PKCS#11 to Rust. It is aiming at having both a very low-level API to map the PKCS#11 functionality to Rust as well as having a higher-level API for more easy usage as well as bringing more safety for programming against PKCS#11.\n\n## Status\n\nThe library has full support for all functions in PKCS#11 v2.40.\nIt should technically work with any Cryptoki version from v2.00.\nFor example there is special handling for `C_WaitForSlotEvent` which has been added only in v2.01.\nYou can successfully implement and reach all low-level Cryptoki semantics and structures.\nAll of them are integration tested using SoftHSM.\nFor better interoperability the low-level API is using nearly the same function/method calls and data structures as defined in the official standard.\nThat means that using the low-level API should be very easy for people who are familiar with PKCS#11 as the naming and variables/constants/defines are the same.\n\nA high-level more Rust-friendly API is in the design process.\nIts goal is to hide most of the low-level PKCS#11 semantics that one does not need to be aware of as they can be very verbose.\nFurthermore using Rust datastructures it is possible to come up with a more type-safe library at compile time to help users to use PKCS#11 more successfully and to make it more robust.\nIt will also provide easier primitives for multi-part encrypting/decrypting/signing/etc.\nIdeally by providing a streaming API.\nLast but not least it will provide session management and lock/unlock free sessions as they are available from the context.\nEspecially on tokens that provide parallel processing this can be a very tedious and error-prone process.\n\n## Compatiblity Matrix\n\n**TODO:** This is still in the making, and most likely very incomplete.\n\nAs PKCS#11 implementations are not always sticking to the standard, your token might still have problems, unfortunately.\nThese are known tokens as reported by users that definitely work together with this library.\n\n- [SoftHSM version 2](https://github.com/opendnssec/SoftHSMv2) (duh, who would have thought)\n- [Nitrokey HSM 2](https://www.nitrokey.com)\n- [CardConnect SmartCard-HSM](https://www.smartcard-hsm.com/)\n- Safenet iKey 2032\n- and probably a lot more...\n\nIf you use this library with an HSM that is not listed here, please open an issue (or even better a PR) so that I can update this matrix.\nIf your token does not work, please also open an issue, of course, so that we can investigate.\n\n## Testing\n\nTesting is currently done with [SoftHSM2](https://github.com/opendnssec/SoftHSMv2 \"SoftHSM2 Repo\").\nA trillion thanks to the people at OpenDNSSEC for writing SoftHSM.\nThis makes it possible to develop applications that need to support PKCS#11.\nI would have no idea what to do without it.\n(Suggestions are always welcome.)\n\n## TODO\n\nHere is a list of the implementation status and plans on what to do next:\n\n- [x] Dynamic loading of PKCS#11 module (thanks to [libloading](https://github.com/nagisa/rust_libloading \"libloading Repo\"))\n- [x] Initializing and Dropping PKCS#11 context\n- [x] Implementing Token and PIN Management functions\n- [x] Implementing Session Management functions\n- [x] Implementing Object Management functions\n- [x] Implementing Key Management functions\n- [x] Implementing Encryption/Decryption functions\n- [x] Implementing Message Digest functions\n- [x] Implementing Signing and MACing\n- [x] Implementing Verifying of signatures and MACs\n- [x] Implementing Dual-function cryptographic operations\n- [x] Implementing Legacy PKCS#11 functions\n- [x] Reorganize code of low-level API (too bloated, which we all know is what PKCS#11 is like)\n- [x] Import the rest of the C header `pkcs11t.h` types into rust\n- [x] Import the rest of the C header `pkcs11f.h` functions into rust\n- [x] Publish on crates.io (wow, that was easy)\n- [ ] C type constants to string converter functions, and the reverse (maybe part of the high-level API?)\n- [ ] Design and implement high-level API\n- [ ] Write and Generate Documentation for Rust docs\n- [ ] Better Testing (lots of repetitive code + we need a testing framework and different SoftHSM versions for different platforms)\n- [ ] Suppport for PKCS#11 v3.00\n- [ ] make packed struct and CK_ULONG / CK_LONG feature flags with platform defaults when it becomes possible - currently the default when the target is Windows as PKCS#11 explicitly demands packed structs on Windows and `unsigned long` and `long` are both only 32bit on Microsoft compilers by default. However, on any other unix platform the defaults are not really defined and one might need to opt in for one or the other.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmheese%2Frust-pkcs11","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmheese%2Frust-pkcs11","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmheese%2Frust-pkcs11/lists"}