This project offers a plugin to OpenSSL (3.0.7+, 3.1, 3.2, 3.3, 3.4, 3.5) for the purpose of generating and using cryptographic keys on a Luna General Purpose HSMs, and more specifically Luna Network HSMs.

lunaprov is based on the PKCS#11 specification, with some Luna specific extensions.

It has been tested with the Luna Network HSM.

lunaprov allows to:

• Create classic keypair (RSA, DSA, EC), using Open SSL 3.0 and above.
• Create keypair (PQC, ED25519/448, X25519/448), using Open SSL 3.2 and above.
• Sign certificate or other data.
• Establish TLS connection (certificate authentication, key exchange, KEM).

These operations require to create partitions, register clients, initialize user roles, etc. These tasks can be performed using:

• The Luna Universal Client
  • The Luna Shell (Lush)
  • The Luna client management tool (LunaCM).

• Operating System:
  • Linux RHEL 8.
  • Linux Ubuntu 20.
  • Windows Server 2016-2022.
• Thales software:
  • Client 10.7.1.
  • Appliance 7.7.1.
  • Firmware 7.7.1.
  • NOTE: if using Functional Modules then PQC FM 3.1.

• Development tools:
  • Linux:
    • gcc 8.3.1.
    • perl 5.16.3.
    • cmake3 3.17.5.
    • common UNIX commands.
  • Windows:
    • cl 19.00.24215.1 (Visual Studio 2015-2019).
    • perl 5.32.1 (ActiveState or Strawberry).
    • cmake 3.27.9 (Kitware).
    • common UNIX commands (MinGW or Cygwin).

See 'docs/README-CONTAINER-BUILD'.

For more details on the build, see the folder 'docs'.

The folder 'tests' contains scripts that exercise the HSM via openssl command line utility.

If you are interested in contributing to this project, please read the Contributing guide.

This software is provided under a permissive license.