Pkcs11 Tools Versions Save

A set of tools to manage objects on PKCS#11 cryptographic tokens. Compatible with many PKCS#11 library, including major HSM brands, NSS and softoken.

v2.6.0

10 months ago

added

  • support for AWS Cloud HSM. Check documentation for limitations.

fixed

  • with recent versions of GCC, compilation issue with lexx and yacc produced source code (PR #38)
  • when automake<1.14 is used, use an older, compatible commit for gnulib

updated

  • gnulib in now built from a stable branch, stable-202307

v2.5.1

1 year ago

added

  • adding -S option flag for p11keygen, for enabling key generation when logged in as Security Officer (PR #33)

fixed

  • fixed a few memory management issues, preventing to import EC public keys when using p11keygen, p11unwrap and p11importpubk.

v2.5.0

2 years ago

Added

  • CKA_ALLOWED_MECHANISMS support for all key management utilities (p11keygen, p11wrap, p11unwrap, p11rewrap, p11ls, p11od)

Fixed

  • p11wrap: fixed memory leaks

v2.4.2

2 years ago

Fixed

  • p11ls: removed duplicate CKA_CHECK_VALUE attribute from C_GetAttributeValue() call on secret keys (may cause issues on some PKCS#11 tokens)

v2.4.1

2 years ago

Fixed

  • template content is no more wrapped/displayed if length is not a multiple of CK_ATTRIBUTE structure, to ignore templates incorrectly reported by some tokens

v2.4.0

2 years ago
  • support for template attributes on most commands

v2.3.1

2 years ago
  • some of the mgf argument values for p11wrap, p11rewrap and p11keygen were incorrect. The documentation has also been adjusted (issue #30)
  • p11more, p11req, p11mkcert and p11cat could not deal with Edwards curve if the curve parameter was specified as a named curve (issue #32)

v2.3.0

3 years ago
  • added p11kcv the ability to specify a buffer length, when performing HMAC key check values (default is 0).

v2.2.0

3 years ago

This minor release adds the following features:

  • p11kcv will compute a Key Check Value on CK_GENERIC_SECRET keys as well. These are mapped to HMAC-SHA256.
  • p11slotinfo now prints library information
  • support for FreeBSD ports and packaging
  • for Edwards curve based keys, allow providing curve name instead of OID when generating a key

v2.1.3

3 years ago

Fixes

  • ensure that OpenSSL 1.1.1e or above is used, detected during configure now, issue #27
  • ensure that threading library is referenced, to allow building with static OpenSSL library without having to specify additional library with LIBS