SoftHSM2 is free and easy o install or compile. But if you search how to use SoftHSM2 for symmetric and asymmetric cryptography or hashing you will notice that the OpenDNSSEC Wiki will not have any hint what mechanisms are supportet. This post will show how to view all SoftHSM mechanisms using pkcs11-tool. This references are based on version 2.6.1 and can be downloaded from OpenDNSSEC website.
To repeat the following steps you need to install or compile the following packages:
- OpenSC (includes pkcs11-tool binary)
- SoftHSM2
List all SoftHSM2 mechanisms (AES, DES, DH, DSA, ECDH, ECDSA, HASHES, RSA)
$ pkcs11-tool --modul /usr/local/lib/softhsm/libsofthsm2.so -M Using slot 0 with a present token (0x9932fc7) Supported mechanisms: AES-CBC, keySize={16,32}, encrypt, decrypt, wrap mechtype-0x1105, derive AES-CBC-PAD, keySize={16,32}, encrypt, decrypt mechtype-0x108A, keySize={16,32}, sign, verify mechtype-0x1086, keySize={16,32}, encrypt, decrypt AES-ECB, keySize={16,32}, encrypt, decrypt mechtype-0x1104, derive mechtype-0x1087, keySize={16,32}, encrypt, decrypt AES-KEY-GEN, keySize={16,32}, generate mechtype-0x2109, keySize={16,2147483648}, wrap, unwrap mechtype-0x210A, keySize={1,2147483648}, wrap, unwrap DES2-KEY-GEN, generate DES3-CBC, encrypt, decrypt, wrap mechtype-0x1103, derive DES3-CBC-PAD, encrypt, decrypt mechtype-0x138, sign, verify DES3-ECB, encrypt, decrypt mechtype-0x1102, derive DES3-KEY-GEN, generate DES-CBC, encrypt, decrypt, wrap mechtype-0x1101, derive DES-CBC-PAD, encrypt, decrypt, wrap DES-ECB, encrypt, decrypt, wrap mechtype-0x1100, derive DES-KEY-GEN, generate DH-PKCS-DERIVE, keySize={512,10000}, derive DH-PKCS-KEY-PAIR-GEN, keySize={512,10000}, generate_key_pair DH-PKCS-PARAMETER-GEN, keySize={512,10000}, generate DSA, keySize={512,1024}, sign, verify DSA-KEY-PAIR-GEN, keySize={512,1024}, generate_key_pair DSA-PARAMETER-GEN, keySize={512,1024}, generate DSA-SHA1, keySize={512,1024}, sign, verify mechtype-0x13, keySize={512,1024}, sign, verify mechtype-0x14, keySize={512,1024}, sign, verify mechtype-0x15, keySize={512,1024}, sign, verify mechtype-0x16, keySize={512,1024}, sign, verify ECDH1-DERIVE, keySize={112,521}, derive ECDSA, keySize={112,521}, sign, verify, other flags=0x1900000 mechtype-0x1055, keySize={256,456}, generate_key_pair ECDSA-KEY-PAIR-GEN, keySize={112,521}, generate_key_pair, other flags=0x1900000 mechtype-0x1057, keySize={256,456}, sign, verify GENERIC-SECRET-KEY-GEN, keySize={1,2147483648}, generate MD5, digest MD5-HMAC, keySize={16,512}, sign, verify MD5-RSA-PKCS, keySize={512,16384}, sign, verify RSA-PKCS, keySize={512,16384}, encrypt, decrypt, sign, verify, wrap, unwrap RSA-PKCS-KEY-PAIR-GEN, keySize={512,16384}, generate_key_pair RSA-PKCS-OAEP, keySize={512,16384}, encrypt, decrypt, wrap, unwrap RSA-PKCS-PSS, keySize={512,16384}, sign, verify RSA-X-509, keySize={512,16384}, encrypt, decrypt, sign, verify SHA1-RSA-PKCS, keySize={512,16384}, sign, verify SHA1-RSA-PKCS-PSS, keySize={512,16384}, sign, verify SHA224, digest SHA224-HMAC, keySize={28,512}, sign, verify SHA224-RSA-PKCS, keySize={512,16384}, sign, verify SHA224-RSA-PKCS-PSS, keySize={512,16384}, sign, verify SHA256, digest SHA256-HMAC, keySize={32,512}, sign, verify SHA256-RSA-PKCS, keySize={512,16384}, sign, verify SHA256-RSA-PKCS-PSS, keySize={512,16384}, sign, verify SHA384, digest SHA384-HMAC, keySize={48,512}, sign, verify SHA384-RSA-PKCS, keySize={512,16384}, sign, verify SHA384-RSA-PKCS-PSS, keySize={512,16384}, sign, verify SHA512, digest SHA512-HMAC, keySize={64,512}, sign, verify SHA512-RSA-PKCS, keySize={512,16384}, sign, verify SHA512-RSA-PKCS-PSS, keySize={512,16384}, sign, verify SHA-1, digest SHA-1-HMAC, keySize={20,512}, sign, verify
Basically SoftHSM2 supporting all major algorithms currently used in cryptography:
- RSA cryptography (the old friends…)
- DES and 3DES cryptography (less important for new projects)
- ECC cryptography (fast, cool and hype)
- Diffie-Hellmann key exchange
- Hashing algorithms from MD5 (outdated), SHA1 (old), SHA2 including SHA256 (current choice), SHA384 and SHA512 (the very best)
- HMAC / Keyed-Hash Message Authentication Code
- Key Generation (referred as „GENERIC-SECRET-KEY-GEN“)
One more function is available but not listed as mechanism, the integrated random number generator:
$ pkcs11-tool --modul /usr/local/lib/softhsm/libsofthsm2.so --generate-random 100 | hd Using slot 0 with a present token (0x9932fc7) 00000000 81 cf 86 97 e2 36 7d 98 f0 aa 30 94 2c fe 68 34 |…..6}…0.,.h4| 00000010 45 c9 b4 ca 25 8c 22 f3 1d d5 c8 fe 55 7b 66 50 |E…%."…..U{fP| 00000020 44 f1 cc d3 ff 61 d1 53 0a b4 2c 58 08 cb ca bb |D….a.S..,X….| 00000030 de cf f5 e4 0b 43 2e 56 8a c0 01 e2 a2 6e e4 25 |…..C.V…..n.%| 00000040 1b 60 e7 0c 4f 6c 31 b4 7d 0f bb 14 e0 f8 0c 6c |.`..Ol1.}……l| 00000050 e7 b2 6d 15 e0 6f 8d f7 db 9e 0d 16 b6 46 e2 e1 |..m..o…….F..| 00000060 3a e3 32 14 |:.2.| 00000064
Keep in mind: SoftHSM2 cryptography is done in software only!
SoftHSM2 is a nice implementation of a PKCS#11 library. Looking at the source code everything its based on OpenSSL library calls only. There is PIN and PUK implemented, but as keys are stored in files and not stored in hardware (LINK!) you simply an:
- Copy, remove or duplicate any SoftHSM key file
- Reverse engineer SoftHSM2 or even worth include backdoors in the source code (that unfolds the PIN, PUK and secret keys) and compile the library
- If you lost a PIN or PUK or a hacker grabs a SoftHSM key file: Brute-force-attack the protecting PIN/PUK as you may copy the keys on hundreds or thousands of computers to speed up the attack
Soon I will write a simple hack for SoftHSM2 and publish the hack here in this blog. SoftHSM2 is a nice way of processing cryptography, but is the same insecure as password protected keys, e.g. PFX or .p12 key files.
In my other posts your find many more working examples and use cases for OpenSSL, OpenSC, PKCS#11 libraries, SoftHSM2.
Please share your experience as a comment! (German and English comments are welcome)
Related Posts
- How to sign data with OpenSSL on an HSM
- First Steps with OpenSSL for signature and encryption
- Full working ECDSA signature with OpenSSL
- SoftHSM2: What crypto mechanisms and ciphers are supported?
- Simple start with Yubico PKCS#11 library
- Export a RSA / ECC public key with OpenSC pkcs11-tool
- SoftHSM2 view slot info and objects on a specific slot
- Generate RSA, ECC and AES keys with OpenSC pkcs11-tool
- Show slot and token info with OpenSC pkcs11-tool
- SoftHSM2 first steps to create slots
- Configuration of OpenSC pkcs11-tool
- S/MIME Zertifikat per OpenSSL erstellen
- EFS Schlüssel per OpenSSL erstellen
Thanks for all the great Crypto Corner articles!
I would love an article showing usage of SoftHSM2/PKCS#11 with OpenSSL similar to „Simple start with Yubico PKCS#11 library“. For example how to use stored keys to make a TLS connection.
Dear Oskar, that is somethink I am already planning. Visit again in a few days!
Firstly, thank for you contributions. However, when I built SoftHSMv2 on Ubuntu 18.04 with default option, I only see it supports SHA1-RSA-PKCS-PSS and RSA-PKCS-PSS. Can you tell me what I missed? Thank for your time.
Just make sure that you are using the lastest dev version of OpenSSL 1.1.1 and build SoftHSM2 against OpenSSL and not alternative crypto libraries.
The Screenshots were made on a much younger Debian 10 distribution, maybe use the latest Ubuntu version and build again.