-- Gilles Peskine On 24/02/2021 22:26, Gilles Peskine via mbed-tls wrote: > Hi Frank, > > I'm not sure what you're looking for. Do you mean open source projects > like Curl and Hiawatha that can use Mbed TLS as a cryptography provider? > Those are generally using the classic API, and so can't make generic use > of secure elements. I am aware of private projects using the limited > features available today (for example, TLS servers can use async private > key operations to put the key in an HSM — see > https://tls.mbed.org/kb/how-to/ssl_async). > > I've used SoftHSM in the past as a way to test portable PKCS#11 client > code without hardware. It did the job well. I can't speak for the > quality of its cryptography since I was only using it for testing. > > If you're looking for a generic interface between applications and > secure elements, then I would recommend PSA crypto over PKCS#11. We did > try to make PSA Crypto a better PKCS#11. Obviously I'm biased :) But of > course PKCS#11 is old and venerable, whereas PSA is new and the support > for hardware secure elements is still a work in progress. >