CryptoScript SDK
Software Development Kits (SDK)

CryptoScript SDK

CryptoScript - The Most Efficient Development Kit for HSM Customization

CryptoScript SDK PCI Cards
  • Highly efficient implementation of HSM extensions
  • Enables easy script programming
  • For SecurityServer HSMs built on CryptoServer Se Gen2- and CryptoServer CSe-series
Key Benefits

Key Benefits


Unprecedented Capabilities for HSM Customization

Custom script HSM extensions, such as key derivation functions or complex protocols with unprecedented ease.


Full Development Control

Enables full control of all HSM extensions, without the need for review and approval by Utimaco.


Highly Efficient Development

Benefit from the description of internal programming interfaces (APIs) and complete HSM base firmware access for the purpose of implementing scripts in minimal time.



CryptoScript - The Most Efficient Development Kit for HSM Customization



CryptoScript SDK from UTIMACO is a development kit that enables script extensions for SecurityServer HSMs built on CryptoServer Se Gen2- and CryptoServer CSe-series extremely easy and secure.

Commonly used cryptographic APIs such as PKCS #11 or JCE support numerous cryptographic algorithms and mechanisms although they are often not suited for utilization in certain use cases. Customized script extensions are required when specific data processing operations are not supported by these standard APIs, or when multiple API calls are needed but would return sensitive intermediate results to the host computer..

Custom HSM extensions, such as key derivation functions or complex protocols, can be created as scripts that are interpreted and executed within the tamper-proof environment of SecurityServer HSM using CryptoScript SDK . The scripts are written in a Lua-derived managed language, and benefits from the security of firewalled execution and managed memory with automatic garbage collection.

It has never been easier and more efficient to extend HSM functionality.
A comprehensive set of methods providing access to the cryptographic algorithms, long-number arithmetic, random number generation and other underlying HSM functions limits the need for custom code to a bare minimum. This makes development cycles for implementation, testing and fixing HSM extensions substantially shorter than for traditional firmware development. The SecurityServer firmware includes an HSM simulator that allows the testing and debugging of new scripts in a preferred development environment.

Full control over the functionality and interface of scripts can always be maintained. All developments are independent from review, approval or code signing by Utimaco.


  • Supports managed programming language with security monitor, derived from Lua scripting
  • CryptoScript compiler runs inside the tamper protected HSM
  • Secure managed memory
  • Support for multiple scripts with private databases and firewalling    

Full Control

  • Provides full control over script functionality with manufacturer-independent development
  • No review or approval required by Utimaco
  • Optimal application integration with custom HSM interface    

Easy to use

  • Script programming
  • Comprehensive set of methods for use of cryptographic library, long number arithmetic, etc. from HSM firmware
  • Automatic garbage collection
  • Sample scripts and host-side applications
  • Provides an HSM simulator for testing and debugging of scripts in Windows or Linux development environments

Full Support of CryptoServer HSM Models

  • CryptoServer Se-Series Gen 2
  • CryptoServer CSe-Series
  • Support of hardware acceleration     

Supports Various Cryptographic Algorithms

  • RSA, DSA, ECDSA with NIST and Brainpool curves
  • DH, ECDH with NIST, Brainpool
  • AES, Triple-DES, DES
  • SHA-1, SHA-2, SHA-3, RIPEMD
  • Hash-based deterministic random number generator
  • True random number generator     

Attractive Price

  • Reduced price for HSMs in development environments
  • No additional license fees for runtime environments
  • No additional costs per script
  • All supported cryptographic algorithms are included


Utimaco’s general purpose HSM utilizes tamper-responsive technology to secure cryptographic key infrastructures, making it ideally suited for applications and market segments with high physical security requirements.

Find more details

Contact us

We look forward to answering your questions.

How can we help you?

Talk to one of our specialists and find out how Utimaco can support you today.
You have selected two different types of downloads, so you need to submit different forms which you can select via the two tabs.

Your download request(s):

    By submitting below form you will receive links for your selected downloads.

    Your download request(s):

      For this type of documents, your e-mail address needs to be verified. You will receive the links for your selected downloads via e-mail after submitting below form.

      Your collection of download requests is empty. Visit our Downloads section and select from resources such as data sheets, white papers, webinar recordings and much more.