CryptoScript SDK
Software Development Kits (SDK)

CryptoScript SDK

CryptoScript - The Most Efficient Development Kit for HSM Customization

CryptoScript SDK PCI Cards
  • Highly efficient implementation of HSM extensions
  • Enables easy script programming
  • For SecurityServer HSMs built on CryptoServer Se Gen2- and CryptoServer CSe-series
Key Benefits

Key Benefits


Unprecedented Capabilities for HSM Customization

Custom script HSM extensions, such as key derivation functions or complex protocols with unprecedented ease.


Full Development Control

Enables full control of all HSM extensions, without the need for review and approval by Utimaco.


Highly Efficient Development

Benefit from thedescription of internal programming interfaces (APIs) and complete HSM base firmware access for the purpose ofimplementing scripts in minimal time.



CryptoScript - The Most Efficient Development Kit for HSM Customization



CryptoScript SDK from UTIMACO is a development kit that enables script extensions for SecurityServer HSMs built on CryptoServer Se Gen2- and CryptoServer CSe-series i extremely easy and secure.

Commonly used cryptographic APIs such as PKCS #11 or JCE support numerous cryptographic algorithms and mechanisms although they are often not suited for utilization in certain use cases. Customized script extensions are required when specific data processing operations are not supported by these standard APIs, or when multiple API calls are needed but would return sensitive intermediate results to the host computer..

Custom HSM extensions, such as key derivation functions or complex protocols, can be created as scripts that are interpreted and executed within the tamper-proof environment of SecurityServer HSM using CryptoScript SDK . The scripts are written in a Lua-derived managed language, and benefits from the security of firewalled execution and managed memory with automatic garbage collection.

It has never been easier and more efficient to extend HSM functionality.
A comprehensive set of methods providing access to the cryptographic algorithms, long-number arithmetic, random number generation and other underlying HSM functions limits the need for custom code to a bare minimum. This makes development cycles for implementation, testing and fixing HSM extensions substantially shorter than for traditional firmware development. The SecurityServer firmware includes an HSM simulator that allows the testing and debugging of new scripts in a preferred development environment.

Full control over the functionality and interface of scripts can always be maintained. All developments are independent from review, approval or code signing by Utimaco.


  • Supports managed programming language with security monitor, derived from Lua scripting
  • CryptoScript compiler runs inside the tamper protected HSM
  • Secure managed memory
  • Support for multiple scripts with private databases and firewalling    

Full Control

  • Provides full control over script functionality with manufacturer-independent development
  • No review or approval required by Utimaco
  • Optimal application integration with custom HSM interface    

Easy to use

  • Script programming
  • Comprehensive set of methods for use of cryptographic library, long number arithmetic, etc. from HSM firmware
  • Automatic garbage collection
  • Sample scripts and host-side applications
  • Provides an HSM simulator for testing and debugging of scripts in Windows or Linux development environments

Full Support of CryptoServer HSM Models

  • CryptoServer Se-Series Gen 2
  • CryptoServer CSe-Series
  • Support of hardware acceleration     

Supports Various Cryptographic Algorithms

  • RSA, DSA, ECDSA with NIST and Brainpool curves
  • DH, ECDH with NIST, Brainpool
  • AES, Triple-DES, DES
  • SHA-1, SHA-2, SHA-3, RIPEMD
  • Hash-based deterministic random number generator
  • True random number generator     

Attractive Price

  • Reduced price for HSMs in development environments
  • No additional license fees for runtime environments
  • No additional costs per script
  • All supported cryptographic algorithms are included


Utimaco’s general purpose HSM utilizes tamper-responsive technology to secure cryptographic key infrastructures, making it ideally suited for applications and market segments with high physical security requirements.

Find more details



Our Partners

Look for the best implementation or distribution partner for your project.

Get in touch with us

Talk to one of our specialists and find out how Utimaco can help you today.