Skip to content

Trust1Team/t1c-native-pkcs11

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

native-pkcs11

pkcs11 module for native credential stores

native-pkcs11 is a crate for building PKCS#11 modules. Its primary use-case is authenticating with client certificates. native-pkcs11 aims to support native certificate stores (MacOS Keychain, Windows Platform Key Provider) out of the box. It can also be extended with a custom backend (see this section).

Host Software Compatibility

Software compatibility is a core goal of native-pkcs11. It is currently tested with

  • openssh
  • openvpn
  • Chrome
  • Firefox

If a native-pkcs11 module does not work for your software, please file an issue.

Building a Custom Backend

The native_pkcs11_traits::Backend trait can be implemented to add support for a new credential store. Backends are registered in the exported C_GetFunctionList function. In order to register your own backend, enable the custom-function-list feature on native-pkcs11 and export the method from your crate. For example:

use native_pkcs11::{CKR_OK, CK_FUNCTION_LIST_PTR_PTR, CK_RV, FUNC_LIST};
#[no_mangle]
pub extern "C" fn C_GetFunctionList(ppFunctionList: CK_FUNCTION_LIST_PTR_PTR) -> CK_RV {
    native_pkcs11_traits::register_backend(Box::new(backend::MyBackend {}));
    unsafe { *ppFunctionList = &mut FUNC_LIST };
    return CKR_OK;
}

Releases

No releases published

Packages

No packages published

Languages

  • Rust 99.2%
  • Other 0.8%