Managed .NET wrapper for unmanaged PKCS#11 libraries
This is master branch and it contains the current development version with several API breaking changes.
Current stable release can be found in 4.0.0 branch.
PKCS#11 is cryptography standard maintained by the OASIS PKCS 11 Technical Committee (originally published by RSA Laboratories) that defines ANSI C API to access smart cards and other types of cryptographic hardware.
Pkcs11Interop is managed library written in C# that brings full power of PKCS#11 API to the .NET environment. It loads unmanaged PKCS#11 library provided by the cryptographic device vendor and makes its functions accessible to .NET application.
Following figure presents the typical usage of Pkcs11Interop library in .NET application:
Pkcs11Interop library:
- implements .NET wrapper for unmanaged PKCS#11 libraries
- is compliant with PKCS#11 v2.40 specification and PKCS#11 URI scheme defined in RFC 7512
- is compatible with .NET Framework 2.0 and higher, .NET Core, Mono and Xamarin
- is supported on Windows, Linux, Mac OS X, Android and iOS
- is supported on both 32-bit and 64-bit platforms
- is open source and completely free for commercial use
- is used in production by several information security and financial organizations
- uses 100% managed and fully documented code
- contains code samples covering all methods of PKCS#11 API
Pkcs11Interop has been confirmed to be working with the following devices:
- Atos CardOS (former Siemens CardOS) smartcard
- Thales nShield Solo (former nCipher nShield) HSM
- SoftHSM (virtual HSM from OpenDNSSEC project)
- Feitian ePass 2003 token
- SafeNet ProtectServer HSM
- SafeNet Luna SA HSM
- Utimaco CryptoServer HSM
- Belgian and Slovak eID cards
- SmartCard-HSM
It is highly recommended that before you start using Pkcs11Interop you get familiar at least with "Chapter 2 - Scope", "Chapter 6 - General overview" and "Chapter 10 - Objects" of PKCS#11 v2.20 specification (or equivalent chapters of any previous or subsequent specification version).
Pkcs11Interop API is fully documented with the inline XML documentation that is displayed by the most of the modern IDEs during the application development. Detailed Pkcs11Interop API documentation is also available online.
Following topics are covered by standalone documents:
- Pkcs11Interop library architecture
- Getting started with Pkcs11Interop
- Pkcs11Interop code samples
- Troubleshooting Pkcs11Interop with PKCS11-LOGGER
Archives with the source code and binaries can be downloaded from our releases page. Official NuGet packages are published in nuget.org repository. All official items are signed with GnuPG key or code-signing certificate of Jaroslav Imrich.
Pkcs11Interop is available under the terms of the Apache License, Version 2.0.
Human friendly license summary is available at tldrlegal.com but the full license text always prevails.
If you need help please pick one of the options that best suits your needs:
- Public issue tracker available at github.com
- Questions with pkcs11interop tag posted at StackOverflow.com
- Public mailing list available at pkcs11interop@googlegroups.com
- Commercial support and consulting from the original developer available at info@pkcs11interop.net
- Pkcs11Admin
GUI tool for administration of PKCS#11 enabled devices based on Pkcs11Interop library. - Pkcs11Interop.PDF
Integration layer for Pkcs11Interop and iText (iTextSharp) libraries. - PKCS11-LOGGER
PKCS#11 logging proxy module useful for debugging of PKCS#11 enabled applications. - SoftHSM2-for-Windows
Pure software implementation of a cryptographic store accessible through a PKCS#11 interface.
Pkcs11Interop has been written by Jaroslav Imrich.
Please visit project website - pkcs11interop.net - for more information.