Kryoptic software token provider.
Kryoptic is a FIPS 140-3 validated software cryptographic module providing PKCS#11 2.40+ compliance. It’s useful for development, testing, and environments where a hardware HSM is not required.
§Library Path
Kryoptic is typically user-installed and the library path varies:
- Linux: ~/.local/lib/libkryoptic.so or /usr/local/lib/libkryoptic.so
- macOS: ~/Library/Frameworks/libkryoptic.dylib
Set the KRYOPTIC_PKCS11_MODULE environment variable to override.
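Added example, not code from this crate: a resolver for the lookup order described in this section that also rejects a module file writable by group or others, since a PKCS#11 module is loaded as native code. `candidates`, `resolve_module` and `safe_to_load` are hypothetical names; Unix is assumed, and treating an empty override as unset is an assumption.

```rust
use std::os::unix::fs::PermissionsExt;
use std::path::{Path, PathBuf};

/// Default locations from the "Library Path" section, in the order listed.
fn candidates(home: &Path, macos: bool) -> Vec<PathBuf> {
    if macos {
        return vec![home.join("Library/Frameworks/libkryoptic.dylib")];
    }
    vec![
        home.join(".local/lib/libkryoptic.so"),
        PathBuf::from("/usr/local/lib/libkryoptic.so"),
    ]
}

/// Hypothetical resolver. An override (assumed unset when empty) is used
/// exclusively: if it fails `usable` we do not fall back to a default, so a
/// typo cannot silently select a different module.
fn resolve_module(
    override_path: Option<&str>,
    home: &Path,
    macos: bool,
    usable: impl Fn(&Path) -> bool,
) -> Option<PathBuf> {
    if let Some(p) = override_path.filter(|p| !p.is_empty()) {
        let p = PathBuf::from(p);
        return if usable(p.as_path()) { Some(p) } else { None };
    }
    candidates(home, macos).into_iter().find(|p| usable(p.as_path()))
}

/// The module is loaded as native code into the process, so accept only a
/// regular file that group and others cannot write (Unix mode bits 0o022).
fn safe_to_load(p: &Path) -> bool {
    std::fs::metadata(p)
        .map(|m| m.is_file() && (m.permissions().mode() & 0o022) == 0)
        .unwrap_or(false)
}

fn main() {
    let home = std::env::var("HOME").unwrap_or_default();
    let over = std::env::var("KRYOPTIC_PKCS11_MODULE").ok();
    let macos = cfg!(target_os = "macos");
    match resolve_module(over.as_deref(), Path::new(&home), macos, safe_to_load) {
        Some(p) => println!("would load {}", p.display()),
        None => eprintln!("no usable Kryoptic module found"),
    }
}
```

The `usable` predicate is a parameter so the lookup order can be exercised without touching the filesystem; `safe_to_load` is the check passed in for real use.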
§Use Cases
- Local development without HSM hardware
- CI/CD testing pipelines
- FIPS 140-3 compliance in software-only deployments
§Production Considerations
While Kryoptic is FIPS 140-3 validated, it does NOT provide:
- Physical tamper protection
- Hardware-backed key storage
- Key extraction resistance
Do NOT use for production CA keys or environments requiring NIAP CA PP compliance with hardware security requirements.
Functions§
- default_library_path - Default PKCS#11 library path.
- provider_config - Get the default provider configuration for Kryoptic.
- supported_mechanisms - Mechanisms supported by Kryoptic.