PKCS#11 Proxy to use with EJBCA

  • Roman

    Roman - 2014-06-18


    do you know about some PKCS#11 proxy that could be used with EJCBA?

    My situation is that I have a USB attached PKCS#11 enabled cryptographic device and EJBCA is installed on different machine. The only way how to access the USB device is through network.

    Is it possible?

  • Tomas Gustavsson

    PrimeKey has a P11 proxy, and I have seen from some other company as well. I do not know of any open source ones.


  • Roman

    Roman - 2014-06-19

    And I assume that there is no way how to get your P11 proxy without paid support... :)

    I tried to google a while for it and I found the following:
    - PKCS#11 Proxy from Gnome Keyring project (
    - caml-crush filtering PKCS#11 Proxy (

    Basically I can use my PKCS#11 middleware through network but in both cases I can't generate for example RSA key pair due to some RPC I think it wouldn't be usable without some debugging and modifications.

    But thanks I will try to fight with these open source proxies...

  • Tomas Gustavsson

    And I assume that there is no way how to get your P11 proxy without paid
    support... :)

    Correct. EJBCA needs support from large organizations in order to survive and evolve.


  • Roman

    Roman - 2014-07-01

    Now the caml-crush filtering PKCS#11 Proxy ( is fixed and it can be used as a PKCS#11 proxy.

    It is open source and have a very good security featrues. I tested it with EJBCA and everything works great.


Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.

No, thanks