SoftHSM 1.3.7 / 2.0.0 Beta 2

An Open Source implementation of a cryptographic store accessible through a PKCS#11 interface

  Add it to your Download Basket!

 Add it to your Watch List!


Rate it!

What's new in SoftHSM 1.3.5:

  • Improves handling of a busy database.
  • Adds -Wall -Werror flags and fixes the warnings.
  • Fixes more warnings on EPEL.
Read full changelog
send us
an update
BSD License 
Rickard Bondesson
5.0/5 1
ROOT \ Security
2 SoftHSM Screenshots:
SoftHSM - Command-line options of the SoftHSM program, as viewed from the Linux TerminalSoftHSM - The usage example of the SoftHSM software, as viewed from the Terminal app
SoftHSM is an open source and completely free command-line software implemented in C++ and designed from the offset as to act as an implementation of a cryptographic store, which can be accessed only through a PKCS#11 interface.

The software can be easily used to explore PKCS#11 without having a HSM (Hardware Security Module) for OpenDNSSEC. It comes with a wide range of features implemented as command-line options, which can be viewed at a glance in the next section.

Features at a glance

Key features include support for signing DNS (Domain Name System) zones in order to seamlessly integrate them into an existing system, support for signing zone files, support for signing zone transfers via the AXFR (Authoritative Transfer) mechanism. Additionally, the program is fully automatic, supports manual key rollover (also known as emergency key rollover),

It’s scalable, flexible and secure

It’s a scalable software that can sing zones which contain numerous records, supports signing of one or multiple zones, and supports sharing of keys between zones. SoftHSM is also a very flexible application that lets you to easily define zone signing policy, such as signature interval, length of key or key lifetime.

The program is very secure and can be used on a wide variety of UNIX-like operating systems. It supports SHA2 and SHA1/RSA signatures, supports denial of existence via NSEC3 or NSEC, supports checking of the compatibility between OpenDNSSEC and HSM, offers a built-in auditing function that can be used to set up a DNSSEC (Domain Name System Security Extensions) testbed.

Among other interesting features, we can mention support for comparing outgoing signed zones with incoming unsigned zones, and uses the OpenDNSSEC software to store conscious cryptographic data in the Hardware Security Module (HSM), so it can communicate better with it via the industry-standard PKCS#11 interface.

SoftHSM was reviewed by , last updated on December 30th, 2014


#cryptographic store #PKCS#11 interface #Hardware Security Module #PKCS#11 #cryptographic #store #security

Add your review!