SoftHSM 1.3.0

Version 1.3.0 of SoftHSM has now been released.

  • Can now read CKA_ALWAYS_AUTHENTICATE but does not use it.
  • Encryption and decryption using CKM_RSA_PKCS.
  • Support X.509 certificates. (Patch from Thomas Calderon)
  • Updated backup instructions.
  • Only a Security Officer can set CKA_TRUSTED to true.
  • The softhsm tool can set the value of CKA_TRUSTED.
  • Support Botan 1.10.0.
  • Better signing performance with a single element cache for the PK_Signer object.
  • Document README.MinGW describes how to build on Windows. (Text and patches contributed by Jaroslav Imrich)


  • API changes in Botan created a namespace collision.
  • API changes in Botan’s state handling.
  • BigInt::to_u32bit was accidently dropped in Botan. Adding it as a compatibility function to SoftHSM.
  • Better exception handling.
  • CKF_USER_PIN_COUNT_LOW and CKF_SO_PIN_COUNT_LOW must be set if an incorrect PIN has been entered at least once.
  • Windows: Detect LoadLibrary.
  • Windows: Set CRYPTOKI_EXPORTS.
  • Windows: Load library correctly in softhsm.
  • Windows: Compatibility function for getpass.
  • Windows: Use _putenv and not setenv.
  • Windows: Generate the DLL file.
  • Windows: The softhsm tool will use the DLL file by default.
  • Windows: Log to EventLog.
  • Windows: Fix parsing of configuration file.
  • Windows: The check program now links with a shared libgcc in order to make the exceptions work.

Known issue:

  • Firefox does improper setting of CKA_DERIVE attribute during PKCS#12 import. See

Download the tarball from: softhsm-1.3.0.tar.gz

Comments are closed.