FFI::Pkcs11

Minimalistic Ruby FFI bindings for using a "Cryptoki" (PKCS11) library.

Add this line to your application's Gemfile:

gem 'ffi-pkcs11'

And then execute:

$ bundle

Or install it yourself as:

$ gem install ffi-pkcs11

In order to use a PKCS11 function, one should prefix the function with the Pkcs11 module name e.g.

result = Pkcs11.C_Initialize(nil)
if result == Pkcs11::CKR_OK
[...]

session = Pkcs11::Session.new
session.open(slot_id) do |_|
  session.login(pin) do |_|
    return_value = Pkcs11::C_Digest(session.session_handle,
                                    some_data,
                                    some_data_size,
                                    digest_data,
                                    digest_data_length)
    if return_value.ok?
    [...]

After checking out the repo, run bin/setup to install dependencies. Then, run bin/rspec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

The tests are using a software-only PKCS11 implementation SoftHSM.

It is initialized using the following command: softhsm2-util --init-token --slot 0 --id 0x00 --label 'zero' --pin 1234 --so-pin 5678

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

Bug reports and pull requests are welcome on GitHub at https://github.com/touchardv/ffi-pkcs11.