- implements .NET wrapper for unmanaged PKCS#11 libraries
- is compliant with PKCS#11 v2.20 specification and PKCS#11 URI scheme defined in RFC 7512
- is compatible with .NET Framework 2.0 (and higher), Mono, Xamarin and Silverlight5
- is supported on Windows, Linux, Mac OS X, Android and iOS
- is supported on both 32-bit and 64-bit platforms
- is open source and completely free for commercial use
- is used in production by several information security and financial organizations
- uses 100% managed and fully documented code
- contains code samples covering all methods of PKCS#11 API
PKCS#11 is cryptography standard maintained by the OASIS PKCS 11 Technical Committee (originally published by RSA Laboratories) that defines ANSI C API to access smart cards and other types of cryptographic hardware.
Pkcs11Interop is managed library written in C# that brings full power of PKCS#11 API to the .NET environment. It loads unmanaged PKCS#11 library provided by the cryptographic device vendor and makes its functions accessible to .NET application.
Above figure presents the typical usage of Pkcs11Interop library in .NET application.
Pkcs11Interop has been confirmed to be working with the following devices:
- Atos CardOS (former Siemens CardOS) smartcard
- Thales nShield Solo (former nCipher nShield) HSM
- SoftHSM (virtual HSM from OpenDNSSEC project)
- Feitian ePass 2003 token
- SafeNet ProtectServer HSM
- SafeNet Luna SA HSM
- Utimaco CryptoServer HSM
- Belgian and Slovak eID cards
Pkcs11Interop API is fully documented with the inline XML documentation that is displayed by the most of the modern IDEs during the application development. Detailed Pkcs11Interop API documentation is also available online.
Following topics are covered by the standalone documents:
It is also highly recommended that before you start using Pkcs11Interop you should get familiar at least with "Chapter 2 - Scope", "Chapter 6 - General overview" and "Chapter 10 - Objects" of PKCS#11 v2.20 specification.
Current stable version of Pkcs11Interop is 3.1.0:
All official items are signed with GnuPG key or code-signing certificate of Jaroslav Imrich.
Pkcs11Interop is available under the terms of the Apache License, Version 2.0.
Human friendly license summary is available at tldrlegal.com but the full license text always prevails.
Pick one of the options that best suits your needs:
Following interesting projects are worth checking out:
GUI tool for administration of PKCS#11 enabled devices based on Pkcs11Interop library
Integration layer for Pkcs11Interop and iText (iTextSharp) libraries
PKCS#11 logging proxy module useful for debugging of PKCS#11 enabled applications
Pure software implementation of a cryptographic store accessible through a PKCS#11 interface
Pkcs11Interop has been written by Jaroslav Imrich.