Lib.rs

Cryptography
#pkcs11 #pkcs #cosmian #kms #provider #hsm #key #linux

cosmian_pkcs11

HSM PKCS#11 provider for Cosmian KMS

by Emmanuel Coste, Bruno Grieder

1 unstable release

Uses new Rust 2024

0.4.0 May 9, 2025

#2841 in Cryptography

Download history 121/week @ 2025-05-06 35/week @ 2025-05-13 2/week @ 2025-05-20

158 downloads per month

BUSL-1.1

1.5MB
24K SLoC

A PKCS#11 provider for Cosmian KMS

This project builds libraries for Linux, MACOS and Windows, to use the Cosmian KMS as a PKCS#11 provider.

The PKCS#11 standard defines an API for cryptographic devices, such as hardware security modules ( HSMs) and smart cards. The Cosmian KMS is a cloud-based cryptographic service that provides a secure and scalable key management solution.

The PKCS#11 2.40 standard is available at https://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html

The primary goal is to support the Cosmian KMS as

  • a Veracrypt keyfiles provider,
  • a LUKS keys provider,

but it can be used with any application that supports PKCS#11.

Prim'x

Generating a private key and certificate:

cosmian.exe certificates certify -t disk-encryption -c primx --generate-key-pair --algorithm rsa2048 --subject-name "CN=Disk Encryption,OU=Org Unit,O=Org Name,L=City,ST=State,C=US" --certificate-extensions F:\primx.extensions` (exit code: 1)
PS F:\projects\kms> cargo run --bin cosmian -- certificates certify -t disk-encryption -c primx  --generate-key-pair --algorithm rsa2048 --subject-name "CN=Disk Encryption,OU=Org Unit,O=Org Name,L=City,ST=State,C=US" --certificate-extensions F:\primx.extensions

Dependencies

~75MB
~1.5M SLoC

OSZAR »