...

Below is a description of all the components shown in the diagram.

PKCS#11 interface

The PKCS#11 interface (dark orange, at the top) is just that: an implementation of the PKCS#11 interface version 2.30. It is the only interface layer that SoftHSM v2 exposes to the outside world. All calls from outside the library enter here and are passed on to the other components that make up SoftHSM v2.

...

The session manager component tracks all PKCS#11 sessions and their associated state. It also manages session objects.

...

The slot manager component is responsible for managing all PKCS#11 slots and their associated tokens. All tokens loaded from the secure object store configured in the SoftHSM v2 configuration file are always present in a slot. A design decision was made to always have one extra slot available that contains a blank token. Calling C_InitToken on this slot creates a new token.

...

The user manager component tracks the state of the PKCS#11 user credentials. These consist of the user PIN and the security officer (SO) PIN. The user manager knows per token whether or not the token is logged in.

...

The secure object store component forms the backend storage of SoftHSM v2. It stores PKCS#11 objects in a directory structure organised as follows:

...

Key derivation from the PIN is performed using the PKCS#5 key derivation methodology.

...