Soft Tokens

Soft tokens provide a way to store keys with out any hardware. They can have a pkcs11 interface.

Examples include:

• OpenCryptoki
• http://people.su.se/~lha/soft-pkcs11/
• http://hg.opensolaris.org/sc/src/netvirt/usr/src/lib/pkcs11/

Cryptographic libraries

Cryptographic libraries are useful for an easier implementation of a soft token. The following list contains some of them with a brief description.

• BeeCrypt
  LGPL license.

• Botan
  Written in C++, BSD license.
  Supports the necessary algorithms.

• BouncyCastle
  Written in Java and C#. Open license.
  Supports the necessary algorithms.

• Catacomb
  Written in C. LGPL license.

• Cryptix
  Written in Java. BSD style license.

• Cryptlib
  Written in C. Non-commercial use license, with commercial terms available on the web site.
  Supports the necessary algorithms.

• Crypto++
  Written in C++. Mostly public domain files, although there are a few restrictions on the use of the collection.
  Supports the necessary algorithms.

• Flexiprovider
  Written in Java. LGPL and others licenses.

• libgcrypt
  Written in C. LGPL license.
  Supports the necessary algorithms.

• libmcrypt
  Written in C. LGPL license.
  Does not support DSA or RSA.

• LibTomCrypt
  Written in C. TDCAL license.
  Supports the necessary algorithms.

• MatrixSSL
  Written in C. GPL license.
  Does not support DSA or SHA > 1.

• MIRACL
  Written in C and C++ wrapper. Non-commerical use is free, commercial use terms are included in the package.

• Mozilla's NSS
  MPL, GPL and LGPL license.
  Supports the necessary algorithms.

• Nettle
  Written in C. LGPL license.

• OpenPGP SDK
  Written in C. Open license.
  Does not support DSA or SHA > 1.

• OpenSSL
  Written in C, Apache style license.
  Supports the necessary algorithms.

• XySSL
  Written in C. GPL and BSD license.

• yaSSL
  Written in C++. GPL license.
  Does not support DSA or SHA > 1.

A speed comparison of some libraries can be found on idlebox.net

Requirements

The requirements for the soft token are based on the HSM requirements.

1. General
- Must be a library that can be linked with other software.
- Must implement the PKCS11 interface v2.20, specified by RSA Labratories.
- Must be licensed under a BSD license.
- Must use a cryptographic library that is licensed under BSD.
- Should keep a log of important events.

2. Algorithms
- Must handle RSA, SHA1, and SHA256.
- Should handle DSA, MD5, SHA384, and SHA512.

3. Key management
- No private keys must be revealed via the PKCS11 interface.
- Private keys must be encrypted with a PIN, given by the user, when stored on the HDD.
- Must be possible to do backup of the keys.
- Must be able to manage 1000 1024-bit RSA key pairs.

4. Key generation
- Must be able to generate RSA keys of length 1024 and 2048 bits.
- Should be able to generate RSA keys of length greater than 512 bits.
- The user must be able to specify the exponent when generating the RSA keys.
- Should be able to generate DSA keys.

5. Sessions
- Must handle at least 2048 concurrent sessions.

6. Functions
- Must be able to create a hash with a given algorithm.
- Must be able to sign with a given algorithm.
- Should be able to verify with a given algorithm.