LSM-PKCS11 helps implement Lite Security Modules with support packages.
The backbone of LSM-PKCS11 is a multi-threaded daemon that can easily run on a small dedicated system running Linux (or Windows NT/2000/XP), providing a set of cryptographic operations through the OpenSSL library. These cryptographic functions are used to protect files, known as Security Boxes, containing various cryptographic items such as public and private keys, certificates, data objects, and secret keys.
Accessing the daemon services is a breeze: they are reached over a TCP/IP connection through a shared library conforming to the PKCS#11 standard developed by RSA Laboratories (also known as Cryptoki). PKCS#11 is part of the Public-Key Cryptography Standards (PKCS).
When developing LSM-PKCS11, adherence to the PKCS#11 standard specifications was a high priority, allowing for seamless integration with applications using the PKCS#11 interface to access security tokens for digital signatures, as well as other cryptographic facilities. The first iteration of the package supports only the bare minimum of cryptographic mechanisms, including RSA, DSA, DES and DES3 encryption and decryption, RSA and DSA digital signature and verification, MD2, MD5 and SHA1 digesting, as well as random generation.
Further iterations will contain a wider variety of cryptographic mechanisms, but after an initial test, it's easy to conclude that LSM-PKCS11 is shaping up to be something quite special. Creating this package didn't take much effort and was only a month of evenings and holiday time (with a lot of gratitude from my wife, Laura), but any help is most welcome towards consolidating the package. Remaining activities include the deployment of a test environment, extending cryptographic capabilities, and the deployment of configuration utilities.
Version 1.1.1: N/A