{"id":15018569,"url":"https://github.com/sophos/crypt-pkcs11-easy","last_synced_at":"2025-10-03T22:30:44.961Z","repository":{"id":56830977,"uuid":"57052605","full_name":"sophos/Crypt-PKCS11-Easy","owner":"sophos","description":"Try to make PKCS#11 less miserable","archived":true,"fork":false,"pushed_at":"2023-01-24T08:54:54.000Z","size":96,"stargazers_count":3,"open_issues_count":0,"forks_count":2,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-09-29T19:01:25.817Z","etag":null,"topics":["cryptoki","encryption","hsm","perl","perl-module","perl5","pkcs11","signing"],"latest_commit_sha":null,"homepage":null,"language":"Perl","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sophos.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-04-25T15:20:16.000Z","updated_at":"2024-06-17T09:39:17.000Z","dependencies_parsed_at":"2023-02-13T19:30:33.664Z","dependency_job_id":null,"html_url":"https://github.com/sophos/Crypt-PKCS11-Easy","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sophos%2FCrypt-PKCS11-Easy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sophos%2FCrypt-PKCS11-Easy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sophos%2FCrypt-PKCS11-Easy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sophos%2FCrypt-PKCS11-Easy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sophos","download_url":"https://codeload.github.com/sophos/Crypt-PKCS11-Easy/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":235198403,"owners_count":18951500,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptoki","encryption","hsm","perl","perl-module","perl5","pkcs11","signing"],"created_at":"2024-09-24T19:52:07.737Z","updated_at":"2025-10-03T22:30:39.668Z","avatar_url":"https://github.com/sophos.png","language":"Perl","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Build Status](https://travis-ci.org/sophos/Crypt-PKCS11-Easy.svg?branch=master)](https://travis-ci.org/sophos/Crypt-PKCS11-Easy)\n[![Coverage Status](https://coveralls.io/repos/github/sophos/Crypt-PKCS11-Easy/badge.svg?branch=master)](https://coveralls.io/github/sophos/Crypt-PKCS11-Easy?branch=master)\n[![Kwalitee status](http://cpants.cpanauthors.org/dist/Crypt-PKCS11-Easy.png)](http://cpants.charsbar.org/dist/overview/Crypt-PKCS11-Easy)\n[![GitHub issues](https://img.shields.io/github/issues/sophos/Crypt-PKCS11-Easy.svg)](https://github.com/sophos/Crypt-PKCS11-Easy/issues)\n[![GitHub tag](https://img.shields.io/github/tag/sophos/Crypt-PKCS11-Easy.svg)]()\n[![Cpan license](https://img.shields.io/cpan/l/Crypt-PKCS11-Easy.svg)](https://metacpan.org/release/Crypt-PKCS11-Easy)\n[![Cpan version](https://img.shields.io/cpan/v/Crypt-PKCS11-Easy.svg)](https://metacpan.org/release/Crypt-PKCS11-Easy)\n\n# SYNOPSIS\n```perl\n\nuse Crypt::PKCS11::Easy;\nuse IO::Prompter;\n\nmy $file = '/file/to/sign';\n\nmy $hsm = Crypt::PKCS11::Easy-\u003enew(\n    module =\u003e 'libCryptoki2_64',\n    key    =\u003e 'MySigningKey',\n    slot   =\u003e '0',\n    pin    =\u003e sub { prompt 'Enter PIN: ', -echo=\u003e'*' },\n);\n\nmy $base64_signature = $hsm-\u003esign_and_encode(file =\u003e $file);\nmy $binary_signature = $hsm-\u003edecode_signature(data =\u003e $base64_signature);\n\n$hsm-\u003everify(file =\u003e $data_file, sig =\u003e $binary_signature)\n  or die \"VERIFICATION FAILED\\n\";\n```\n\n# DESCRIPTION\n\nThis module is an OO wrapper around [Crypt::PKCS11](https://metacpan.org/pod/Crypt::PKCS11), designed primarily to make\nusing a HSM as simple as possible.\n\n## Signing a file with `Crypt::PKCS11`\n```perl\nuse IO::Prompter;\nuse Crypt::PKCS11;\nuse Crypt::PKCS11::Attributes;\n\nmy $pkcs11 = Crypt::PKCS11-\u003enew;\n$pkcs11-\u003eload('/usr/safenet/lunaclient/lib/libCryptoki2_64.so');\n$pkcs11-\u003eInitialize;\n# assuming there is only one slot\nmy @slot_ids = $pkcs11-\u003eGetSlotList(1);\nmy $slot_id = shift @slot_ids;\n\nmy $session = $pkcs11-\u003eOpenSession($slot_id, CKF_SERIAL_SESSION)\n    or die \"Error\" . $pkcs11-\u003eerrstr;\n\n$session-\u003eLogin(CKU_USER, sub { prompt 'Enter PIN: ', -echo=\u003e'*' } )\n    or die \"Failed to login: \" . $session-\u003eerrstr;\n\nmy $object_template = Crypt::PKCS11::Attributes-\u003enew-\u003epush(\n    Crypt::PKCS11::Attribute::Label-\u003enew-\u003eset('MySigningKey'),\n    Crypt::PKCS11::Attribute::Sign-\u003enew-\u003eset(1),\n);\n$session-\u003eFindObjectsInit($object_template);\nmy $objects = $session-\u003eFindObjects(1);\nmy $key = shift @$objects;\n\nmy $sign_mech = Crypt::PKCS11::CK_MECHANISM-\u003enew;\n$sign_mech-\u003eset_mechanism(CKM_SHA1_RSA_PKCS);\n\n$session-\u003eSignInit($sign_mech, $key)\n    or die \"Failed to set init signing: \" . $session-\u003eerrstr;\n\nmy $sig = $session-\u003eSign('SIGN ME')\n    or die \"Failed to sign: \" . $session-\u003eerrstr;\n```\n\n## Signing a file with `Crypt::PKCS11::Easy`\n```perl\nuse Crypt::PKCS11::Easy;\nuse IO::Prompter;\n\nmy $hsm = Crypt::PKCS11::Easy-\u003enew(\n    module =\u003e 'libCryptoki2_64',\n    key    =\u003e 'MySigningKey',\n    slot   =\u003e '0',\n    pin    =\u003e sub { prompt 'Enter PIN: ', -echo=\u003e'*' },\n);\n\nmy $sig = $hsm-\u003esign(data =\u003e 'SIGN ME');\n```\n\nTo make that conciseness possible a `Crypt::PKCS11::Object` can only be used\nfor one function, e.g. signing OR verifying, and cannot be set to use a\ndifferent key or a different token after instantiation. A new object should be\ncreated for each function.\n\n# SEE ALSO\n\n* [PKCS#11 v2.40 Mechanisms](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/os/pkcs11-curr-v2.40-os.html)\n* [Crypt::PKCS11](https://metacpan.org/pod/Crypt::PKCS11)\n* [SoftHSM2](https://www.opendnssec.org/softhsm/)\n\nProject archive:\n\nThis repository has been formally archived, the project supporting it has been closed and no future updates will be made.\nThe code will remain available for a period of time until and unless the owner decides to withdraw it.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsophos%2Fcrypt-pkcs11-easy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsophos%2Fcrypt-pkcs11-easy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsophos%2Fcrypt-pkcs11-easy/lists"}