Bouncy Hsm is an developer friendly implementation of a cryptographic store accessible through a PKCS#11 interface. It can simulate HSM (hardware security module) and smart cards (also with a qualified area), it also includes a web administration interface and a REST interface.
Bouncy Hsm was created to facilitate the development and testing of applications using PKCS#11 devices. It is not intended for production data, as it does not implement any data and key protection in storage or during network calls.
The BouncyHsm project was created as an alternative to SoftHSMv2, due to ongoing problems I had using it.
(Screenshots from version 0.4.0)
- Multiple application and users access using PKCS#11 interface.
- Slot and crypto object management using web interface and REST API.
- Create/remove slots.
- Import P12/PFX files.
- Import crypto objects in PEM format.
- Generate CSR, generate self-signed certificate, import certificate from file.
- Generate keys.
- ...
- Possibility to simulate cards with a qualified area and a signature pin.
- Possibility to simulate protected authentication path using web interface.
- Supports RSA keys (with size 2-6K).
- Supports 80 named elliptic curves.
- Supports secrets (HMAC, derive,...)
- Supports AES keys.
- Supports mechanisms
- Supports custom profiles for mechanisms (To limit mechanisms to simulate a specific type of HSM or card).
- Same behavior and algorithm support across platforms and versions of Linux operating systems.
- Native PKCS#11 library without dependencies (no dependency hell, no permission configuration).
- BouncyHsm runs on all platform supported .Net 8.0. Moreover, it can be run as a Windows service and also works on Raspberry Pi Zero 2 W. Native lib BouncyHsm.Pkcs11Lib is awaitable for Windows x86 and x64, Linux x64.
- CLI tool for management.
Pull requests are welcome. If you are not sure about the change, open an issue first.
If the found error or changes refer to the PKCS#11 standard, please complete the link section of the standard.
See more rules in CONTRIBUTING.
- PKCS #11 Cryptographic Token Interface Base Specification Version 2.40
- Software Ideas Modeler - tool in which the diagrams in the documentation were drawn
- NSwag studio - tool for generate OpenApi client
- Ako som robil BouncyHsm - My blog post about BouncyHsm development, technological decisions and reasons for development - in Slovak language