Create a tool for managing PKCS#11 tokens
Create a tool for managing PKCS#11 tokens. The tool needs to support (at least) the following operations:
- Initialize a token
- Reset a token
- Generate a key
- Upload a key
- Display information about tokens and keys like the PINs' retry counts
- Change the user PIN
- Export the public key material
- Bind a key managed by a PKCS#11 token to an OpenPGP certificate
The implementation needs to support the following algorithms:
- X25519
- Ed25519
- X448
- Ed448
- ML-KEM-768+X25519
- ML-KEM-1024+X448
- ML-DSA-65+Ed25519
- ML-DSA-87+Ed448
- SLH-DSA-SHAKE-128s
- SLH-DSA-SHAKE-128f
- SLH-DSA-SHAKE-256s
Note: DSA and Elgamal are out of scope as they are deprecated in RFC 9580. Likewise, RSA is out of scope, as RFC 9580 says that RSA keys "SHOULD NOT" be generated.
Edited by Neal H. Walfield