NAME
Crypt::HSM - A PKCS11 interface for Perl
VERSION
version 0.021
SYNOPSIS
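    use Crypt::HSM;

    # Load the PKCS11 library (SoftHSM2 in this example) and open a session
    my $provider = Crypt::HSM->load('/usr/lib/pkcs11/libsofthsm2.so');
    my ($slot) = $provider->slots or die "No slots available";
    my $session = $slot->open_session;
    $session->login('user', '1234');

    # Look up an existing secret key on the token by its label
    my %key_attrs = (label => 'my-key', class => 'secret-key');
    my ($key) = $session->find_objects(\%key_attrs)
        or die "No such key 'my-key'";

    # Sample plaintext; the IV is freshly generated by the token
    my $plaintext = 'data to encrypt';
    my $iv = $session->generate_random(16);
    my $ciphertext = $session->encrypt('aes-gcm', $key, $plaintext, $iv);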
DESCRIPTION
This module interfaces with any PKCS11 library to use its cryptography.
-
This represents a PKCS11 provider, typically a piece of cryptographic hardware. A provider may have one or more slots.
-
This represents a slot on the provider. A slot may or may not contain a token; this distinction is only relevant on providers that can swap tokens (e.g. smartcard readers). On others there will always be a token in the slot that can't be swapped. A token is a data container, and as such performs cryptographic operations for its sessions.
-
This represents a session on a token / slot. It may or may not be. It may contain session data (e.g. keys not stored on the token) in addition to its token data.
-
This represents a cryptographic stream. There are two types of stream that produce a result of similar length as the input: encrypt and decrypt; two that return a fixed-size product: digest and sign; and one that returns a bool: verify.
METHODS
load($path)
This loads the PKCS11 library found at $path, and returns it as a new Crypt::HSM::Provider object.
AUTHOR
Leon Timmermans <fawaka@gmail.com>
COPYRIGHT AND LICENSE
This software is copyright (c) 2023 by Leon Timmermans.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.