CryptoCorner pkcs11-tool + SoftHSM2

SoftHSM2: What crypto mechanisms and ciphers are supported?

SoftHSM2 is free and easy o install or compile. But if you search how to use SoftHSM2 for symmetric and asymmetric cryptography or hashing you will notice that the OpenDNSSEC Wiki will not have any hint what mechanisms are supportet. This post will show how to view all SoftHSM mechanisms using pkcs11-tool. This references are based on version 2.6.1 and can be downloaded from OpenDNSSEC website.

To repeat the following steps you need to install or compile the following packages:

  • OpenSC (includes pkcs11-tool binary)
  • SoftHSM2

List all SoftHSM2 mechanisms (AES, DES, DH, DSA, ECDH, ECDSA, HASHES, RSA)

$ pkcs11-tool --modul /usr/local/lib/softhsm/libsofthsm2.so -M

Using slot 0 with a present token (0x9932fc7)
Supported mechanisms:
AES-CBC, keySize={16,32}, encrypt, decrypt, wrap
mechtype-0x1105, derive
AES-CBC-PAD, keySize={16,32}, encrypt, decrypt
mechtype-0x108A, keySize={16,32}, sign, verify
mechtype-0x1086, keySize={16,32}, encrypt, decrypt
AES-ECB, keySize={16,32}, encrypt, decrypt
mechtype-0x1104, derive
mechtype-0x1087, keySize={16,32}, encrypt, decrypt
AES-KEY-GEN, keySize={16,32}, generate
mechtype-0x2109, keySize={16,2147483648}, wrap, unwrap
mechtype-0x210A, keySize={1,2147483648}, wrap, unwrap
DES2-KEY-GEN, generate
DES3-CBC, encrypt, decrypt, wrap
mechtype-0x1103, derive
DES3-CBC-PAD, encrypt, decrypt
mechtype-0x138, sign, verify
DES3-ECB, encrypt, decrypt
mechtype-0x1102, derive
DES3-KEY-GEN, generate
DES-CBC, encrypt, decrypt, wrap
mechtype-0x1101, derive
DES-CBC-PAD, encrypt, decrypt, wrap
DES-ECB, encrypt, decrypt, wrap
mechtype-0x1100, derive
DES-KEY-GEN, generate
DH-PKCS-DERIVE, keySize={512,10000}, derive
DH-PKCS-KEY-PAIR-GEN, keySize={512,10000}, generate_key_pair
DH-PKCS-PARAMETER-GEN, keySize={512,10000}, generate
DSA, keySize={512,1024}, sign, verify
DSA-KEY-PAIR-GEN, keySize={512,1024}, generate_key_pair
DSA-PARAMETER-GEN, keySize={512,1024}, generate
DSA-SHA1, keySize={512,1024}, sign, verify
mechtype-0x13, keySize={512,1024}, sign, verify
mechtype-0x14, keySize={512,1024}, sign, verify
mechtype-0x15, keySize={512,1024}, sign, verify
mechtype-0x16, keySize={512,1024}, sign, verify
ECDH1-DERIVE, keySize={112,521}, derive
ECDSA, keySize={112,521}, sign, verify, other flags=0x1900000
mechtype-0x1055, keySize={256,456}, generate_key_pair
ECDSA-KEY-PAIR-GEN, keySize={112,521}, generate_key_pair, other flags=0x1900000
mechtype-0x1057, keySize={256,456}, sign, verify
GENERIC-SECRET-KEY-GEN, keySize={1,2147483648}, generate
MD5, digest
MD5-HMAC, keySize={16,512}, sign, verify
MD5-RSA-PKCS, keySize={512,16384}, sign, verify
RSA-PKCS, keySize={512,16384}, encrypt, decrypt, sign, verify, wrap, unwrap
RSA-PKCS-KEY-PAIR-GEN, keySize={512,16384}, generate_key_pair
RSA-PKCS-OAEP, keySize={512,16384}, encrypt, decrypt, wrap, unwrap
RSA-PKCS-PSS, keySize={512,16384}, sign, verify
RSA-X-509, keySize={512,16384}, encrypt, decrypt, sign, verify
SHA1-RSA-PKCS, keySize={512,16384}, sign, verify
SHA1-RSA-PKCS-PSS, keySize={512,16384}, sign, verify
SHA224, digest
SHA224-HMAC, keySize={28,512}, sign, verify
SHA224-RSA-PKCS, keySize={512,16384}, sign, verify
SHA224-RSA-PKCS-PSS, keySize={512,16384}, sign, verify
SHA256, digest
SHA256-HMAC, keySize={32,512}, sign, verify
SHA256-RSA-PKCS, keySize={512,16384}, sign, verify
SHA256-RSA-PKCS-PSS, keySize={512,16384}, sign, verify
SHA384, digest
SHA384-HMAC, keySize={48,512}, sign, verify
SHA384-RSA-PKCS, keySize={512,16384}, sign, verify
SHA384-RSA-PKCS-PSS, keySize={512,16384}, sign, verify
SHA512, digest
SHA512-HMAC, keySize={64,512}, sign, verify
SHA512-RSA-PKCS, keySize={512,16384}, sign, verify
SHA512-RSA-PKCS-PSS, keySize={512,16384}, sign, verify
SHA-1, digest
SHA-1-HMAC, keySize={20,512}, sign, verify

Basically SoftHSM2 supporting all major algorithms currently used in cryptography:

  • RSA cryptography (the old friends…)
  • DES and 3DES cryptography (less important for new projects)
  • ECC cryptography (fast, cool and hype)
  • Diffie-Hellmann key exchange
  • Hashing algorithms from MD5 (outdated), SHA1 (old), SHA2 including SHA256 (current choice), SHA384 and SHA512 (the very best)
  • HMAC / Keyed-Hash Message Authentication Code
  • Key Generation (referred as “GENERIC-SECRET-KEY-GEN”)

One more function is available but not listed as mechanism, the integrated random number generator:

$ pkcs11-tool --modul /usr/local/lib/softhsm/libsofthsm2.so --generate-random 100 | hd

 Using slot 0 with a present token (0x9932fc7)
 00000000  81 cf 86 97 e2 36 7d 98  f0 aa 30 94 2c fe 68 34  |…..6}…0.,.h4|
 00000010  45 c9 b4 ca 25 8c 22 f3  1d d5 c8 fe 55 7b 66 50  |E…%."…..U{fP|
 00000020  44 f1 cc d3 ff 61 d1 53  0a b4 2c 58 08 cb ca bb  |D….a.S..,X….|
 00000030  de cf f5 e4 0b 43 2e 56  8a c0 01 e2 a2 6e e4 25  |…..C.V…..n.%|
 00000040  1b 60 e7 0c 4f 6c 31 b4  7d 0f bb 14 e0 f8 0c 6c  |.`..Ol1.}……l|
 00000050  e7 b2 6d 15 e0 6f 8d f7  db 9e 0d 16 b6 46 e2 e1  |..m..o…….F..|
 00000060  3a e3 32 14                                       |:.2.|
 00000064

Keep in mind: SoftHSM2 cryptography is done in software only!

SoftHSM2 is a nice implementation of a PKCS#11 library. Looking at the source code everything its based on OpenSSL library calls only. There is PIN and PUK implemented, but as keys are stored in files and not stored in hardware (LINK!) you simply an:

  • Copy, remove or duplicate any SoftHSM key file
  • Reverse engineer SoftHSM2 or even worth include backdoors in the source code (that unfolds the PIN, PUK and secret keys) and compile the library
  • If you lost a PIN or PUK or a hacker grabs a SoftHSM key file: Brute-force-attack the protecting PIN/PUK as you may copy the keys on hundreds or thousands of computers to speed up the attack

Soon I will write a simple hack for SoftHSM2 and publish the hack here in this blog. SoftHSM2 is a nice way of processing cryptography, but is the same insecure as password protected keys, e.g. PFX or .p12 key files.

In my other posts your find many more working examples and use cases for OpenSSL, OpenSC, PKCS#11 libraries, SoftHSM2.

Please share your experience as a comment! (German and English comments are welcome)

Related Posts

4 Gedanken zu „SoftHSM2: What crypto mechanisms and ciphers are supported?“

  1. Thanks for all the great Crypto Corner articles!
    I would love an article showing usage of SoftHSM2/PKCS#11 with OpenSSL similar to “Simple start with Yubico PKCS#11 library”. For example how to use stored keys to make a TLS connection.

  2. Firstly, thank for you contributions. However, when I built SoftHSMv2 on Ubuntu 18.04 with default option, I only see it supports SHA1-RSA-PKCS-PSS and RSA-PKCS-PSS. Can you tell me what I missed? Thank for your time.

    1. Just make sure that you are using the lastest dev version of OpenSSL 1.1.1 and build SoftHSM2 against OpenSSL and not alternative crypto libraries.
      The Screenshots were made on a much younger Debian 10 distribution, maybe use the latest Ubuntu version and build again.

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert