WebSSL is a cryptographic library built to run within a Hardware Security Module and provides a universally accessible interface. A cryptographic boundary encompasses the connection and execution enviroment, ideal for security sensitive projects, such as: PKI environments, Card Payment Systems, DNSSEC and Cryptocurrency wallets.

Runs within certified hardware

Private keys, session keys and secret data are processed within the secure environment of a HSM (Hardware Security Module)

RESTful Web Service Interface

HTTP/JSON Requests and Responses are used for the communication to the cryptographic library. Request and Responses are secured using the TLS protocol. Client certificates provide individual user authentication and segment key domains.

Standards compliant key and message formats

Standards compliant formatting provides interoperability with third-party toolkits. Keys, Certificates and Messages are PKCS#8, X.509 and PKCS#7 encoded, respectively.


WebSSL's API is split into six groups.

    • HSM This group contains methods to query the status and identity of the HSM.
    • GenPKey Use methods in this category to Generate Private Keys.
    • Cms CMS stands for Cryptographic Message Syntax, previously known as PKCS#7. This industry standard defines structures for signed, enveloped and encrypt data. These structures are often used as the building blocks  for more application specific data types.
    • req Methods within the Requests group create Certificate Signing Requests(CSR's), which are used during the enrollment phases of certificate creation.
    • x509 x.509 is the industry standard for PKI certificates.
    • ecies Choose a Eliptic Curve Integrated Encryption Scheme method for secure data transmission.

The comlete API documentation can be found at:

Developers Corner

The resources below are here to help developers learn how to utilise a WebSSL HSM within their own projects. Demos and source code are supplied with each use-case.

Demo Credentials Generator

Quickly generate yourself a asymmetric keypair and certificate, for development and test purposes. Your credentials will be delivered as a PKCS#12 file.


Coming Soon

Secure Email

Sign and Encrypt emails using the S/MIME standard and create your own secure server email notification script.


Coming Soon

Time Stamping

Coming Soon

ASN.1 Decoder

Use this tool to decode X509 Certificates and Certificate Signing Request.

Founded in 1983

Microexpert has been at the forefront of cryptographic design and development since 1983, having grown organically over the last 30+ years we have consistently supported the industry in delivering the highest quality, and through continuous training and development shaped our team to deliver the best service to our clients.

©2020 Microexpert. Registered number 01755695.