Craton HSM
Craton HSM — Overview
Craton HSM
A PKCS#11 v3.0-compliant software Hardware Security Module written in pure Rust.
Craton HSM exposes the standard PKCS#11 C ABI so that any PKCS#11-aware application — OpenSSL engines, Java SunPKCS11, Firefox NSS, Thunderbird, pkcs11-tool, HashiCorp Vault, Kubernetes signers — can use it as a drop-in cryptographic backend. It ships as a cdylib and as a gRPC daemon (cratond) with mutual TLS for remote HSM access.
Two editions
| Core | Enterprise | |
|---|---|---|
| License | Apache-2.0 | Business Source License 1.1 (converts to Apache-2.0 after 4 years) |
| Crypto | RustCrypto (pure-Rust) | aws-lc-rs (FIPS), OpenSSL, Windows CNG, hardware HSM passthrough |
| FIPS | Gap analysis published; not CMVP-validated | FIPS 140-3 certification in progress (Level 1, target Q3 2027) |
| Auth | PIN-based (SO / User) | RBAC, LDAP, X.509, MFA, OIDC, dual-control |
| Scale | Single node | Raft cluster, KMIP server, Kubernetes CSI |
| Hardware | Software only | NXP HSE, Infineon SLB 9670/9672 TPM, vendor PKCS#11 passthrough |
| Audience | Developers, OSS integrators, evaluators | Regulated industries, enterprises, managed-service operators |
Start with Core if you need a transparent, auditable PKCS#11 implementation. Add Enterprise when you need FIPS validation, clustering, enterprise auth, or hardware backends.
Key features
Core
- Full PKCS#11 v3.0 C ABI with 70+ exported functions — covers session management, object lifecycle, classical and PQC signing/verification, encryption, key agreement, random generation, digesting, and multi-part streaming operations.
- Classical cryptography: RSA 2048 / 3072 / 4096, ECDSA P-256 / P-384, EdDSA Ed25519, AES-256 in GCM / CBC / CTR.
- Post-quantum cryptography: ML-KEM-768, ML-DSA-44 / 65 / 87, SLH-DSA-SHA2-128s, hybrid X25519+ML-KEM-768 (PQC crates are at RC versions; API may change before 1.0).
- SP 800-90A HMAC_DRBG with prediction resistance and continuous health tests — every key generation path runs through the DRBG.
- FIPS 140-3 Power-On Self-Tests: 17 self-tests (module-integrity check plus 16 Known Answer Tests) executed at load time; module refuses to initialise on failure.
- SP 800-57 key lifecycle: date-based activation/deactivation, automated state transitions.
- Memory hardening:
mlock/VirtualLockon key material,ZeroizeOnDrop, constant-time PIN comparison. - Tamper-evident audit log with chained SHA-256 hashes.
- Encrypted persistent storage: AES-256-GCM with PBKDF2-derived keys.
- gRPC daemon (
cratond) with mutual TLS for remote HSM access. - Admin CLI (
craton-admin) for token management, PIN operations, object browsing, and diagnostics.
Enterprise add-ons
craton-hsm-awslc— FIPS-validated crypto backend using aws-lc-rs (the basis of the planned Craton HSM FIPS 140-3 certification).craton-hsm-openssl— OpenSSL 3 crypto backend for environments standardised on OpenSSL.craton-hsm-cng— Windows Cryptography Next Generation backend (FIPS via Windows CNG).craton-hsm-pkcs11— PKCS#11 passthrough to upstream hardware HSMs (YubiHSM, Thales, Utimaco, SafeNet, etc.).craton-hsm-auth— RBAC, LDAP, X.509 cert, MFA, OIDC (oidc-authfeature), dual-control, tenant management.craton-hsm-cluster— Raft consensus and log replication for high availability.craton-hsm-kmip— KMIP 1.4 / 2.x key lifecycle server (TTLV wire encoding).craton-hsm-cloud— Kubernetes CSI driver, AWS KMS / Azure Key Vault / HashiCorp Vault shims.craton-hsm-nxp— NXP HSE hardware backend (S32G / S32K3 automotive MCUs) with software fallback.craton-hsm-infineon— Infineon SLB 9670 / SLB 9672 TPM 2.0 backend with software fallback.craton-hsm-certified— reproducible-build tooling, CMVP artifact generation, CAVP / ACVP harness.
Documentation layout
This documentation is organised as follows:
- Getting Started — install, quickstart, first token, examples.
- Architecture — components, storage, gRPC daemon, admin CLI.
- Cryptography — classical algorithms, post-quantum algorithms, DRBG, key lifecycle.
- PKCS#11 Interface — API reference, mechanisms, integrations.
- FIPS 140-3 — certification plan, gap analysis, FIPS mode, self-tests.
- Operations — configuration, runbook, audit, backup, troubleshooting.
- Security — security model, threat model, hardening, audit scope, fork safety.
- Enterprise — BSL-1.1 add-ons and backends.
- Benchmarks — performance across platforms and versus peer HSMs.
- Guides — migration from SoftHSM, FIPS setup, post-quantum migration.
- Reference — tested platforms, compatibility matrix, FAQ, glossary.
- Project — roadmap, changelog, contributing, governance, advisories, license.
License
- Core — Apache License 2.0.
- Enterprise — Business Source License 1.1 with a four-year conversion to Apache-2.0.
Getting help
- Start with the Quickstart.
- For production deployments, read the Operator Runbook and the Security Model.
- Migrating from SoftHSM? See the Migration Guide.
- Report vulnerabilities privately per the Security Policy.