Expand description
Utimaco CryptoServer HSM provider.
The Utimaco CryptoServer family provides high-performance cryptographic operations with flexible firmware-based key management.
§Platform-specific Library Paths
- Linux:
/usr/lib/libcs_pkcs11_R3.so(or/opt/utimaco/...for custom installs) - Windows:
C:\Program Files\Utimaco\CryptoServer\Lib\cs_pkcs11_R3.dll
§Firmware Slot Configuration
CryptoServer uses firmware “slots” which are logical partitions within the HSM. Each slot has:
- Independent key storage and access control
- Configurable PIN policies
- Per-slot mechanism enablement
Slot 0 is typically the administrator slot; user slots start at 1.
§Key Wrapping Support
Utimaco supports both AES Key Wrap and RSA-OAEP for key transport:
- CKM_AES_KEY_WRAP (RFC 3394)
- CKM_AES_KEY_WRAP_PAD (RFC 5649) for non-aligned key lengths
- CKM_RSA_PKCS_OAEP for RSA-based wrapping
Functions§
- default_
library_ path - Default PKCS#11 library path for Linux.
- provider_
config - Get the default provider configuration for Utimaco.
- supported_
mechanisms - Mechanisms supported by Utimaco CryptoServer.