PKCS#11 Fuzzer getting started guide

This guide explains how to use the SandboxAQ PKCS#11 Fuzzer to obtain a trace from your PKCS#11 device.


Before using the PKCS#11 Fuzzer, make sure you’ve followed the installation instructions.

Make sure the device you want to test is connected. For hardware PKCS#11 devices, you’ll need the location of the PKCS#11 DLL and the user PIN.


Make sure that you also have backups of your key material before running the PKCS#11 Fuzzer on a device. While the PKCS#11 Fuzzer won’t delete existing keys, it may encounter problems with software or drivers that could require a device reset.

Fuzzing a PKCS#11 device

Navigate to a directory where you have write permissions. Move the cs-fuzzer executable file into it and run the following command:

./cs-fuzzer \
    --dll /path/to/library \
    --pin 1234 \
    --output trace.cst.gz

When the PKCS#11 Fuzzer has finished executing, the directory you chose earlier will contain the generated trace.cst.gz file.


You can change the directory where the PKCS#11 Fuzzer generates traces with the --output option.

Refer to the API Client documentation for instructions to upload a trace.

Refer to the PKCS#11 Fuzzer reference for a list of available parameters and how to use them.