14

I want to use a HSM (hardware security module) to create a signature of a XML file. I did a bit of research and am now a bit confused, though.

Can you please clarify those questions:

  1. What is meant with a key handle in JCE? I have read about it, that it is just a handle and the key is stored somewhere else. How can that be? From my understanding I either load the key into memory and use it, or the signing is done completely by a HSM and I only get the result, right?
  2. Does the PKCS#11 standard define a way so that the signature is generated in the HSM? I've read about tokens, but I am not sure about signing.
  3. The featurelist of my HSM states JCE and PKCS#11 separately. What does that mean?
  4. I thought PKCS#11 is a standard, and JCE defines classes to use that standard. Does JCE specify its own protocols?
Andy
  • 1,964
  • 1
  • 15
  • 29

1 Answers1

25

  1. What is meant with a key handle in JCE?
    A key handle (in JCE, PKCS#11, or most other cryptographic APIs) is simply a reference that enables you to use a key without seeing its actual value. That is good: you can have the key permanently stored in a secure place (e.g. an HSM) with the assurance that nobody will be able to copy it and run away with it - as it may happen if the key is the application space. Unlike a physical safe though, you can still perform cryptographic operation without running any security risk of key leakage.

  2. Does the PKCS#11 standard define a way so that the signature is generated in the HSM?
    PKCS#11 is a C API for cryptographic tokens. A token is a PKCS#11 abstraction for any device or program that offers services described by such API. The API defines which operations you can perform using the objects inside the PKCS#11 token: some objects are non sensitive, and can be extracted (e.g. public keys); some others are sensitive and can only be used, via handles.
    If you have a handle to an object that supports signing, you can use the C function C_Sign to ask the token to authenticate some data provided by your application. The key does not leave the HSM.

  3. The featurelist of my HSM states JCE and PKCS#11 separately. What does that mean?
    Your HSM supports JCE in the sense that it comes with a native library that qualifies as a Cryptographic Service Provider.
    It supports PKCS#11 in the sense that it comes with a native library that offers a C PKCS#11 API.

  4. I thought PKCS#11 is a standard, and JCE defines classes to use that standard. Does JCE specify its own protocols?
    Indeed PKCS#11 is a standard; but it is not directly usable by languages other than C. You need a mapping layer that translates it into something compatible to your language. A PKCS#11 library (and the physical tokens that it abstracts) can be mapped to a JCE provider.

However, a JCE provider may have nothing to do with PKCS#11.

Andy
  • 1,964
  • 1
  • 15
  • 29
SquareRootOfTwentyThree
  • 7,606
  • 32
  • 43
  • Can you provide more info on 1. please! The API I use (XAdES4J, Java) uses a `PrivateKey` to create a signature. Is that a real key loaded to RAM, or just a handle? How could I - as a user - know? (I'm currently using a keystore only, so I can't just debug into it) – Andy Oct 22 '12 at 12:44
  • It depends on what backs your `KeyStore`. If it is PKCS#11 and your provider is your HSM, the key will not be loaded in RAM and will stay inside the HSM. You will only be dealing with the handle to it. – SquareRootOfTwentyThree Oct 22 '12 at 19:10
  • I'm still not clear on that handle-topic. Lets assume I have a private key "abcde" stored in my HSM slot 7. That gives me a handle with the id 7. Now I want to use that private key to create a signature. **I see only two options: a)** get the private key associated to the handle 7 and create the signature myself (that means knowing the secret, "abcde") or **b)** transfer the content for the signature to the HSM and tell it to use slot 7, and the HSM returns with the created signature. **Right?** Am I missing something here? – Andy Oct 23 '12 at 11:51
  • 4
    Option b) is the correct scenario. The HSM will not release the private key under normal circumstances if the key was created correctly. – SquareRootOfTwentyThree Oct 23 '12 at 17:56