The toolkit has reached v2.0. It features several major changes:
- it supports (and requires) OpenSSL v1.1.1+
- signing commands (
p11mkcert,p11reqandmasqreq) implement OpenSSL algorithm methods. This will enable supporting more algorithms in the future. - major overhaul of the wrapping/unwrapping system: it is now possible to perform double wrapping (aka enveloppe wrapping) with a single command, in a secure fashion
p11keygencan now generate a session key and wrap it under one or several wrapping keys- a new command,
p11rewrap, allows to unwrap a key and immediately rewrap in under one or several wrapping keys, in a secure fashion. - helper scripts greatly enhanced, to support also
pkcs11-spy.soshim when executing a command. - support for more HSMs and cryptographic tokens included