CryptpCorner softhsm2-util

SoftHSM2 view slot info and objects on a specific slot

Whenever you need to work with SoftHSM2 there is a need to view all your configured slots and the objects saved on these slots. As softhsm2-util is not very well documented I decided to support the cryptographic community by offering working usage examples of the main tool of SoftHSM2. This post will show how to view all SoftHSM slots and examine all objects on a specific SoftHSM slots. This working examples are based on version 2.6.1 and can be downloaded from OpenDNSSEC website.

List all SoftHSM2 slots

After installation of SoftHSM2 and once you created a few slots you can check your slot configuration with softhsm2-util and its option „–show-slots“

$ softhsm2-util --show-slots

Available slots:
Slot 1472789662
    Slot info:
        Description:      SoftHSM slot ID 0x57c8fc9e
        Manufacturer ID:  SoftHSM project
        Hardware version: 2.6
        Firmware version: 2.6
        Token present:    yes
    Token info:
        Manufacturer ID:  SoftHSM project
        Model:            SoftHSM v2
        Hardware version: 2.6
        Firmware version: 2.6
        Serial number:    8db107a857c8fc9e
        Initialized:      yes
        User PIN init.:   yes
        Label:            label2
Slot 1574641475
    Slot info:
        Description:      SoftHSM slot ID 0x5ddb1f43
        Manufacturer ID:  SoftHSM project
        Hardware version: 2.6
        Firmware version: 2.6
        Token present:    yes
    Token info:
        Manufacturer ID:  SoftHSM project
        Model:            SoftHSM v2
        Hardware version: 2.6
        Firmware version: 2.6
        Serial number:    3963656edddb1f43
        Initialized:      yes
        User PIN init.:   yes
        Label:            label1
Slot 2
    Slot info:
        Description:      SoftHSM slot ID 0x2
        Manufacturer ID:  SoftHSM project
        Hardware version: 2.6
        Firmware version: 2.6
        Token present:    yes
    Token info:
        Manufacturer ID:  SoftHSM project
        Model:            SoftHSM v2
        Hardware version: 2.6
        Firmware version: 2.6
        Serial number:
        Initialized:      no
        User PIN init.:   no
        Label:

In this demo installation you see two initalized slots (Slot 1472789662 and Slot 1574641475) which may or may not hold keys already. You always will see at least one present token which is not initialized. After initializing two slots (0 and 1) this will be „Slot 2“. You can not use slot 2 unless you initialize it.

Examine all objects on a SoftHSM2 slot

The examination of the object on a SoftHSM2 slot is not possible with softhsm2-util, but you can use OpenSC pkcs11-tool to do so.

$ pkcs11-tool --modul /usr/local/lib/softhsm/libsofthsm2.so -l -O --slot 1574641475
 
Logging in to "label1".
Please enter User PIN:
Private Key Object; EC
  label:
  ID:         01
  Usage:      decrypt, sign, unwrap, derive
Public Key Object; EC  EC_POINT 384 bits
  EC_POINT:   04610436344cfd3f0c9216bc823fe243b8363736bd6b00c4109b2bcb276850e46fea3e3e93b45a533061b66f3a8999498cc20fbee58e650dcdd1cac745343b79d3eefd581d568a18f9230de61e23732b17e1e11bd4b9ba1ae6daae854139518309d350
  EC_PARAMS:  06052b81040022
  label:
  ID:         01
  Usage:      encrypt, verify, wrap, derive
Read PubKey (RSA slot)

In this example there are two key objects on the SoftHSM2 slot 1574641475. The first object with is 01 doesn’t have a label, but theID 01. It is the private key of a 384-bit ECC key. Unluckily I can not identify which ECC curve it is, but as I recently created the key I know it is a SECP384r1 key.

The second object is the public key corresponding to the private key above. Again this object does not have a label but it has an ID of 01. This same ID 01 possible as keys are always referred by their key type (private or public) first before referring their ID.

For the public key it is possible to export this object, the private key can not be exported using the tool. For SoftHSM2 this is not an big deal, as you easily can backup the SoftHSM2 database or storage files.

I will show some examples how to export the generated public key in another related post.

Related Posts

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.