Getting Started with the PKCS#11 Fuzzer

On this page we will show you how to use the Cryptosense PKCS#11 Fuzzer to obtain a trace from your PKCS#11 device.

Prerequisites

Before you use the PKCS#11 Fuzzer, make sure you have followed the installation instructions.

Make sure the device you want to test is connected. For hardware PKCS#11 devices you need to know the location of the PKCS#11 DLL, as well as the user PIN.

Make sure that you have backups of all key material before running Cryptosense Fuzzer on a device. Cryptosense Fuzzer should not delete preexisting keys, but it tends to reveal firmware and driver bugs, and those bugs may in turn require you to reset the device.

Fuzzing a PKCS#11 device

Choose a directory where you have write access to store the result of the fuzzing process. Put the cs-fuzzer executable inside it and run the following command:

./cs-fuzzer \
    --dll /path/to/library \
    --pin 1234 \
    --output trace.cst.gz

When the PKCS#11 Fuzzer has finished executing, you'll find a trace.cst.gz trace file in your directory.

This trace file is now ready for uploading to the Cryptosense Analyzer Platform. The file to which the PKCS#11 Fuzzer writes the trace can be changed with the --output option. See the manual for a list of the available options, how to use them, and what else you can do with the PKCS#11 Fuzzer.
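The wrapper below is an added example, not part of the original page or of Cryptosense's tooling: it checks the prerequisites listed above, runs the command with the page's three options, and confirms the trace is a complete gzip file before it is uploaded. The CS_PIN variable, the function names and the refusal to overwrite an existing trace are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not Cryptosense code. Only --dll, --pin and --output come
# from the page; CS_PIN and both function names are hypothetical.

# preflight LIB OUT: check inputs before the device is touched.
preflight() {
    pf_lib=$1; pf_out=$2; pf_dir=$(dirname -- "$pf_out")
    [ -r "$pf_lib" ] || { echo "PKCS#11 library not readable: $pf_lib" >&2; return 2; }
    [ -d "$pf_dir" ] && [ -w "$pf_dir" ] || { echo "no write access to: $pf_dir" >&2; return 3; }
    # Conservative choice of this example: never reuse an existing trace name.
    [ ! -e "$pf_out" ] || { echo "trace already exists: $pf_out" >&2; return 4; }
}

# run_fuzzer FUZZER LIB OUT: run the page's command, then verify the trace.
run_fuzzer() {
    rf_bin=$1; rf_lib=$2; rf_out=$3
    preflight "$rf_lib" "$rf_out" || return
    rf_pin=${CS_PIN:-}
    if [ -z "$rf_pin" ]; then
        # Prompt without echo so the PIN stays out of shell history.
        printf 'User PIN: ' >&2
        stty -echo; IFS= read -r rf_pin; stty echo; echo >&2
    fi
    # The PIN is still an argv entry here, so local users can see it in the
    # process list while the fuzzer runs; use a single-user test host.
    "$rf_bin" --dll "$rf_lib" --pin "$rf_pin" --output "$rf_out"
    rf_status=$?
    unset rf_pin
    # A truncated or empty trace is caught here, before upload.
    if [ ! -s "$rf_out" ] || ! gzip -t -- "$rf_out"; then
        echo "trace missing or not valid gzip: $rf_out" >&2; return 5
    fi
    sha256sum -- "$rf_out" > "$rf_out.sha256"   # record for later comparison
    return "$rf_status"   # passed through; the page does not document exit codes
}

# Run only when arguments are supplied:
#   ./run-fuzzer.sh ./cs-fuzzer /path/to/library trace.cst.gz
if [ "$#" -eq 3 ]; then run_fuzzer "$@"; fi
```

Keeping the .sha256 file next to the trace lets you confirm later that the file you upload is the one the run produced.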