3

I want to implement part of HSM but first I need to simulate it in software. I want to have a complete isolated enviroment(?) that works like real HSM. My chosen API is pkcs#11 .

should i do something like cryptech,implementing pkcs#11 as rpc ? Can i translate pkcs#11 commands and use one of the many cryptographic libraries that are available ? ( cryptlib & OpenSSL & ... )

PS : I know softHSM but i want something that i completely know how it works and i can configure it + good documentation which i didn't find about softHSM.

Thanks

h-sh-h
  • 61
  • 2
  • 8

2 Answers2

5

Some vendors provide an emulated/simulated HSM environment, at least:

But to be honest I do not understand your SoftHSM dislike as basically all you need to know is the PKCS#11 API (moreover you can see the source code -- you couldn't ask for more insight).

Good luck!

EDIT>

[Given your comment]: The publicly available security policies of existing devices might be an interesting read to get some insight into HSM internals.

vlp
  • 7,811
  • 2
  • 23
  • 51
  • Thanks for response. The point is i'm not someone who wants to use HSM, i want to know how HSM's designed ( specially in firmware layer ). how they translate PKCS#11 and use cryptography libraries. I definitely admire SoftHSM as an open source product ( and i really love to know more about it ) but for someone like me who wants to learn whats going on "in" the SoftHSM, i found lack of documentation. ( surely i have lack of information about designing, but i really appreciate someone who help me in this journey ) – h-sh-h Sep 21 '16 at 16:55
  • 1
    @h-sh-h I am afraid no vendor would provide such information. See edited answer with an interesting source an HSM internals. – vlp Sep 22 '16 at 20:25
0

We can share an HSM simulator which is based on the HSM's firmware and provides full PKCS#11 support. Would that be an option?

Vojtech Ruzicka
  • 16,384
  • 15
  • 63
  • 66
jacques
  • 16
  • 1
  • Thanks for answering. That's exactly what i'm looking for "what HSM's firmware doing" and simulate this layer. i'm not intrested in how cryptographic algorithms are done in hardware, i really want to know how PKCS#11 commands are translate to lower layers. – h-sh-h Sep 20 '16 at 16:16
  • Excellent. Please fill out our contact form at https://hsm.secbss.com/pl/kontakt and we'll be sending You the download link directly. – jacques Sep 20 '16 at 16:38