Skip to main content

Prerequisites summary

ComponentBuild toolKey dependencies
hls-hsmCMake 3.20+, g++ C++17None
pkcs11-daemonCMake, g++ C++17OpenSSL, SQLite3
liboqs_testCMake, gccliboqs
hsm_test.cgcclibsofthsm2, dl

hls-hsm

The core HSM simulation library. No third-party dependencies. Requirements: CMake 3.20+, g++ with C++17 support.
1

Create the build directory and configure

From the repository root:
cmake -S hls-hsm -B hls-hsm/build
2

Compile

cmake --build hls-hsm/build
3

Run

./hls-hsm/build/hls_hsm

pkcs11-daemon

The PKCS#11 daemon with RSA key generation, SQLite-backed vault, and SD card import support. Requirements: CMake, g++ with C++17 support, OpenSSL development headers, SQLite3 development headers. liboqs-dev is optional and required only for post-quantum support.
1

Install system dependencies

sudo apt-get install libssl-dev libsqlite3-dev
For post-quantum (Dilithium) support, also install:
sudo apt-get install liboqs-dev
PQC support is currently a stub. Crypto::pqc_generate() always returns an empty string regardless of whether liboqs is installed. Installing liboqs-dev is not required for the build to succeed.
2

Create the build directory and configure

From the repository root:
cmake -S pkcs11-daemon -B pkcs11-daemon/build
3

Compile

cmake --build pkcs11-daemon/build
4

Run

./pkcs11-daemon/build/pkcs11-daemon
On startup the daemon:
  1. Opens (or creates) vault.db
  2. Starts the SD card port watcher thread
  3. Generates and stores an RSA-2048 key as "default-rsa"
  4. Generates and stores a PQC stub as "default-pq"

liboqs_test

A standalone test binary that exercises the liboqs post-quantum cryptography library. Requirements: CMake, gcc, liboqs-dev.
1

Install liboqs

sudo apt-get install liboqs-dev
2

Create the build directory and configure

From the repository root:
cmake -S liboqs_test -B liboqs_test/build
3

Compile

cmake --build liboqs_test/build
4

Run

./liboqs_test/build/liboqs_test

hsm_test.c

A C program that exercises PKCS#11 functions against a SoftHSM2 token by loading the shared library at runtime with dlopen/dlsym. Requirements: gcc, libsofthsm2-dev.
1

Install SoftHSM2

sudo apt-get install libsofthsm2-dev
2

Compile

gcc -o hsm_test hsm_test.c \
  -I/usr/include/softhsm2 \
  -lsofthsm2 -ldl
3

Initialize a SoftHSM2 token (first run only)

softhsm2-util --init-token --free --label FirmwareHSM
softhsm2-util --show-slots
Note the slot ID printed by --show-slots. You will need it to configure hsm_test.c or pass it at runtime.
4

Run

./hsm_test

Common build errors

Error:
CMake 3.20 or higher is required. You are running version X.Y.Z
Fix: Install a newer CMake from the CMake downloads page or via pip:
pip install cmake --upgrade
Error:
fatal error: openssl/evp.h: No such file or directory
Fix:
sudo apt-get install libssl-dev
Error:
fatal error: sqlite3.h: No such file or directory
Fix:
sudo apt-get install libsqlite3-dev
Error:
Could not find package configuration file provided by "liboqs"
Fix:
sudo apt-get install liboqs-dev
If liboqs-dev is not available in your package manager, build from source:
git clone https://github.com/open-quantum-safe/liboqs.git
cd liboqs && mkdir build && cd build
cmake -DCMAKE_INSTALL_PREFIX=/usr ..
make -j$(nproc) && sudo make install
Error:
/usr/bin/ld: cannot find -lsofthsm2
Fix:
sudo apt-get install libsofthsm2-dev
Error:
error: 'std::string_view' is not a member of 'std'
or similar C++17 feature errors.Fix: Ensure you are using g++ 7 or later:
g++ --version
sudo apt-get install g++

Build docs developers (and LLMs) love

Get started for freeTalk to us