PKCS#11 Change Log

New Features/Improvements/Bug Fixes

Release 4.13.2147


Release 4.11.2116

No changes

Release 4.9.2084

No changes

Release 4.8.2070

Support for logging X-Request-Id information (JIRA: PROD-4145).

Release 4.6.2045

Support for Oracle TDE heartbeat ciphertext caching (JIRA: PROD-3660).

Release 4.4.2028

Internal dependency (tokio/mio) updates

Release 4.3.2018

  • Added support for AES CMAC in PKCS#11 (JIRA: PROD-3418).
  • Fixed an error where PKCS#11 library creates threads even if CKF_LIBRARY_CANT_CREATE_OS_THREADS is passed (JIRA: PROD-3818).

Release 4.2.1500

  • Improvements to memory management of C_FindObjects while using PKCS#11 library (JIRA: PROD-3354).
    • Introduces opaque_objects_are_not_certificates = true setting.
  • Fixed PKCS#11 library where AES keys were getting created as HMAC when using "signing_aes_key_as_hmac" option (JIRA: PROD-3591).
  • Fixed issues in "AES-GCM Wrap" and "AES-CMAC" (JIRA: PROD-3425).

Release 4.1.1484

No Changes

Release 4.0.1467

No Changes

Release 3.27.1458

  • Added support for encrypted PKCS#8 format (API) (JIRA: PROD-1953).

Release 3.25.1443

  • Fixed an issue where integrating HSMG with nCipher fails with “pkcs11: 00000000 Error: Module 1 has failed”.

Release 3.23.1408

No Changes

Release 3.22.1383

No Changes

Release 3.21.1376

  • The default number of slots is reduced to 32 from 500:
    Applications use the Fortanix DSM PKCS#11 library to interact with Fortanix DSM for key management and cryptographic operations. The PKCS#11 specification has notions of slots and tokens, which correspond to physical entities in an HSM. Multiple clients or applications connecting to a token on an HSM have equal access to the entire keyspace. However, Fortanix DSM allows access to several applications simultaneously while guaranteeing strong cryptographic separation of key spaces. This is equivalent to every application having access to its own HSM. Fortanix DSM PKCS#11 library implements this by mapping the application credential to the user PIN, and by having an arbitrarily large number of slots (numbered from 0), with a single token (numbered 1) already initialized. The number of slots defaults to 32 (numbered 0-31) and can be configured through the environment variable FORTANIX_PKCS11_NUM_SLOTS.


Please sign in to leave a comment.

Was this article helpful?
0 out of 0 found this helpful