macOS
brew install softhsmlocal Homebrew formula metadata
sudo port install softhsmMacPorts ports tree · security/softhsm/Portfile · source: api.github.com
brew
Cryptographic store accessible through a PKCS#11 interface. Version 2.7.0 via Homebrew; verified 2026-07-05.
install
brew install softhsmlocal Homebrew formula metadata
sudo port install softhsmMacPorts ports tree · security/softhsm/Portfile · source: api.github.com
sudo apk add softhsmAlpine Linux edge package indexes · softhsm · source: dl-cdn.alpinelinux.org
sudo dnf install softhsmFedora Rawhide package metadata · softhsm · source: dl.fedoraproject.org
nix profile install nixpkgs#softhsmnixpkgs package indexes · pkgs/by-name/so/softhsm/package.nix · source: api.github.com
sudo pacman -S softhsmArch Linux sync databases · softhsm · source: geo.mirror.pkgbuild.com
sudo zypper install softhsmopenSUSE Tumbleweed package metadata · softhsm · source: download.opensuse.org
overview
Cryptographic store accessible through a PKCS#11 interface
history
SoftHSM is a software implementation of a cryptographic token store exposed through PKCS#11, originally created for OpenDNSSEC and later maintained as a standalone security project.
The official SoftHSM site and README both state that SoftHSM began as part of the OpenDNSSEC project. OpenDNSSEC needed to store and handle cryptographic keys through PKCS#11, but requiring a physical hardware security module would have limited who could test or deploy the system.
SoftHSM answered that problem with a software implementation of a generic cryptographic device. Version 2 became the current line, adding stronger handling of sensitive material, unswappable memory support, and a more general crypto backend that can use Botan or OpenSSL.
The SoftHSMv2 GitHub repository was created in 2013 and remains active under the softhsm organization, while the project website points users to GitHub for source code and bug reporting.
SoftHSM spread beyond OpenDNSSEC because PKCS#11 is a shared interface used by many cryptographic applications. The README explicitly notes that SoftHSM can work with other cryptographic products through that interface.
The package is carried by Homebrew, Alpine, Fedora, MacPorts, Nix, Arch, and openSUSE according to the input package facts, which fits its role as a test and development HSM substitute on Unix-like systems.
Users install the library and command-line utilities, configure the token storage path in softhsm2.conf, initialize tokens with softhsm2-util --init-token, and then point PKCS#11-aware software at the SoftHSM module.
The default configuration file is /etc/softhsm2.conf, and the README documents SOFTHSM2_CONF as an override. Token backup is ordinary file backup of the configured token storage location.
SoftHSM is important to package maintainers because it makes PKCS#11 integration testable without special hardware. That matters for DNSSEC software, TLS tooling, signing infrastructure, CI systems, and applications that support smart cards or hardware security modules.
It is also a classic dependency-package artifact: most users care that the shared module, config file, utility commands, crypto backend, and p11-kit integration land in expected filesystem locations.
security posture
narrow executable package without higher-risk signals.
green risk · low confidence · appliance
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
/etc/softhsm2.confexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
softhsm2-dump-file | cli | global executable | |
softhsm2-keyconv | cli | global executable | |
softhsm2-util | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/softhsm/SoftHSMv2
install metadata
| Package key | brew:softhsm |
|---|---|
| Version | 2.7.0 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/softhsm |
| Homepage | https://www.softhsm.org/ |
| Repository | https://github.com/softhsm/SoftHSMv2 |
| Upstream docs | https://github.com/softhsm/SoftHSMv2#readme |
| License | BSD-2-Clause |
| Source archive | https://github.com/softhsm/SoftHSMv2/archive/refs/tags/2.7.0.tar.gz |
| Last updated | 2026-07-05T00:14:30+09:00 |
| Pulse | updated |
| Dependencies | openssl@3 |
| Build dependencies | autoconf, automake, libtool, pkgconf |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | softhsm |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
softhsm
nix profile install nixpkgs#softhsmsofthsm 2.7.0-r0
cryptographic store accessible through a PKCS #11
https://github.com/softhsm/SoftHSMv2
sudo apk add softhsmsofthsm-doc 2.7.0-r0
cryptographic store accessible through a PKCS #11 (documentation)
https://github.com/softhsm/SoftHSMv2
sudo apk add softhsm-docsofthsm-static 2.7.0-r0
cryptographic store accessible through a PKCS #11 (static library)
https://github.com/softhsm/SoftHSMv2
sudo apk add softhsm-staticsofthsm 2.7.0-0.1.rc1.fc44.1
Software version of a PKCS#11 Hardware Security Module
sudo dnf install softhsmsofthsm-devel 2.7.0-0.1.rc1.fc44.1
Development package of softhsm that includes the header files
sudo dnf install softhsm-develsofthsm 2.7.0-1
Software PKCS#11 store
https://opendnssec.readthedocs.io/en/latest/softhsm2/
sudo pacman -S softhsmsofthsm 2.6.1+git.1732869438.f7883c2-2.4
Software version of a PKCS#11 Hardware Security Module
sudo zypper install softhsmsofthsm-devel 2.6.1+git.1732869438.f7883c2-2.4
Development package of softhsm
sudo zypper install softhsm-develsofthsm
sudo port install softhsmsource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.