{"id":22253579,"url":"https://github.com/nitrokey/nethsm-pkcs11","last_synced_at":"2026-03-04T13:03:19.053Z","repository":{"id":44880528,"uuid":"339386195","full_name":"Nitrokey/nethsm-pkcs11","owner":"Nitrokey","description":"PKCS#11 module for NetHSM","archived":false,"fork":false,"pushed_at":"2026-02-26T19:10:52.000Z","size":3141,"stargazers_count":38,"open_issues_count":23,"forks_count":12,"subscribers_count":7,"default_branch":"main","last_synced_at":"2026-02-26T22:56:43.335Z","etag":null,"topics":["cryptography","hsm","nethsm","pkcs11","rust"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Nitrokey.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2021-02-16T12:07:28.000Z","updated_at":"2026-02-19T15:03:38.000Z","dependencies_parsed_at":"2023-01-19T19:16:04.438Z","dependency_job_id":"d97c28e5-5e3c-4a82-9fcd-0529c6fd7205","html_url":"https://github.com/Nitrokey/nethsm-pkcs11","commit_stats":null,"previous_names":[],"tags_count":33,"template":false,"template_full_name":null,"purl":"pkg:github/Nitrokey/nethsm-pkcs11","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Nitrokey%2Fnethsm-pkcs11","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Nitrokey%2Fnethsm-pkcs11/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Nitrokey%2Fnethsm-pkcs11/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Nitrokey%2Fnethsm-pkcs11/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Nitrokey","download_url":"https://codeload.github.com/Nitrokey/nethsm-pkcs11/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Nitrokey%2Fnethsm-pkcs11/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30081089,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-04T12:28:08.313Z","status":"ssl_error","status_checked_at":"2026-03-04T12:27:28.210Z","response_time":59,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptography","hsm","nethsm","pkcs11","rust"],"created_at":"2024-12-03T07:19:02.477Z","updated_at":"2026-03-04T13:03:19.044Z","avatar_url":"https://github.com/Nitrokey.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# PKCS#11 Module for the Nitrokey NetHSM\n\n[![codecov.io][codecov-badge]][codecov-url]\n\n[codecov-badge]: https://codecov.io/gh/nitrokey/nethsm-pkcs11/branch/main/graph/badge.svg\n[codecov-url]: https://app.codecov.io/gh/nitrokey/nethsm-pkcs11/tree/main\n\nThis module allows to use a [Nitrokey NetHSM](https://www.nitrokey.com/products/nethsm) as a backend for PKCS#11 operations.\n\nSee the [list of supported features](./features.md) for more details.\n\n## Download\n\nDownload the latest binary from the [release page](https://github.com/Nitrokey/nethsm-pkcs11/releases).\n\n## Documentation\n\nFollow the [documentation](https://docs.nitrokey.com/nethsm/pkcs11-setup.html) for usage instructions.\n\n## Compatibility\n\nnethsm-pkcs11 is compatible with these NetHSM versions:\n\n| NetHSM Version | Compatibility | Notes |\n| :------------: | :-----------: | ----- |\n| [v1.0][nethsm-v1.0] | limited | |\n| [v2.0][nethsm-v2.0] | limited | |\n| [v2.1][nethsm-v2.1] | limited | |\n| [v2.2][nethsm-v2.2] | limited | |\n| [v3.0][nethsm-v3.0] | limited | RSA signatures using PKCS1 mechanisms do not work. |\n| [v3.1][nethsm-v3.1] | full | |\n\n[nethsm-v1.0]: https://github.com/Nitrokey/nethsm/releases/tag/v1.0\n[nethsm-v2.0]: https://github.com/Nitrokey/nethsm/releases/tag/v2.0\n[nethsm-v2.1]: https://github.com/Nitrokey/nethsm/releases/tag/v2.1\n[nethsm-v2.2]: https://github.com/Nitrokey/nethsm/releases/tag/v2.2\n[nethsm-v3.0]: https://github.com/Nitrokey/nethsm/releases/tag/v3.0\n[nethsm-v3.1]: https://github.com/Nitrokey/nethsm/releases/tag/v3.1\n\nFull compatibility means that all features of the NetHSM PKCS#11 module can be used with this version.\nLimited compatibility means that only some features are available for this version.\nSee the [changelog](./CHANGELOG.md) for more detailed information on the version requirements for new features.\n\n## Debug Options\n\nSet the `RUST_LOG` env variable to `trace`, `debug`, `info`, `warn` or `err` to change the logging level.\n\n## Docker Examples\n\nFor testing and development purposes there are two examples using the PKCS11 driver with Nginx and Apache.\n\nThey require each a certificate built with the `container/\u003cserver\u003e/generate.sh`.\n\nThey can be built with:\n\n```bash\n# Building the images \ndocker build -t nginx-testing -f container/nginx/Dockerfile .\ndocker build -t apache-testing -f container/apache/Dockerfile .\n```\n\nAssuming that a NetHSM is runnig on localhost:8443, they can then be run with :\n\n```bash\ndocker run --net=host nginx-testing:latest\ndocker run --net=host apache-testing:latest\n```\n\nThe NetHSM is expected to have be provisionned with the following configuration:\n\n```bash\nnitropy nethsm --host localhost:8443 --no-verify-tls provision -u 0123456789 -a Administrator\nnitropy nethsm --host localhost:8443 --no-verify-tls add-user -n Operator -u operator -p opPassphrase -r Operator\n```\n\n## Testing retries\n\nThere is a set of tests that run with multiple instances and test the retry and timeout mechanisms.\nThey require: access to `sudo` (or being run as root) and `podman`.\nYou can run the command:\n\n```bash\nUSE_SUDO=true cargo t -p nethsm_pkcs11 --test basic -- multi_instance_retries\n# Or remove the use of sudo if running as root\ncargo t -p nethsm_pkcs11 --test basic -- multi_instance_retries\n```\n\n## Building\n\nRequired are `gcc` and a working Rust toolchain of at least version (MSRV) 1.70.\n\n```\ncargo build --release\n```\n\nThe dynamic library will be in `${CARGO_TARGET_DIR:-target}/release/libnethsm_pkcs11.so`.\n\n### Alpine Linux\n\nYou need to install `musl-dev` and `gcc`:\n\n```\napk add musl-dev gcc\n```\n\nTo build on Alpine Linux you will need to add the C argument `target-feature=-crt-static`:\n\n```\nRUSTFLAGS=\"-C target-feature=-crt-static\" cargo build --release\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnitrokey%2Fnethsm-pkcs11","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnitrokey%2Fnethsm-pkcs11","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnitrokey%2Fnethsm-pkcs11/lists"}