Questions tagged [hardware-security-module]

60 questions
0 votes, 0 answers

Caused by: iaik.pkcs.pkcs11.wrapper.PKCS11Exception: CKR_FUNCTION_FAILED

I'm having problems with my application that generates xml signed on windows. I am using the ESYA API library in .net core project. iaik.pkcs.pkcs11.wrapper.PKCS11Exception: CKR_FUNCTION_FAILED at…
0 votes, 0 answers

Unable to load the PKCS11_MODULE *.dll library using pkcs11

I'm facing a problem when running the following script: import pkcs11 import os # Initialise our PKCS#11 library lib = pkcs11.lib(os.environ['PKCS11_MODULE']) The last line raises an error saying : ImportError: cannot import name '_pkcs11' from…
E_genin
0 votes, 0 answers

macOS custom Keychain provider development

I would like to develop a macOS keychain integration with the network attached HSM storing the private key. However, I am unable to find the documentation describing the way how integration with the keychain works and what is the starting point for…
user1563721
0 votes, 0 answers

Derive a secret using CKD_NULL derivation function and Bouncy Castle JAVA library

In this post, I answered my own problem about unwrapping a private key which has been wrapped out of an HSM using an EC master key. It implies using a derivation mechanism and a derivation function to issue an AES session key. The code to implement…
0 votes, 2 answers

Wrap-unwrap of private key using EC master key and Bouncy Castle

I want to wrap a private key out of an HSM, using an external EC key pair (master key) and then verify that I can recover it. The wrapping occurs as follows: Generate a secret AES key in the HSM, using the public part of the EC master key, the…
0 votes, 1 answer

HSM SSL cert auto-renew

I am new to HSMs. We are looking at AWS CloudHSM OR Thales Luna Cloud HSM as providers. Getting the cert is pretty straightforward, but how to auto-renew? Has someone done this before? I found these docs, but it looks like there is no tool for…
0 votes, 0 answers

Pcks11Interop Method C_Login returned CKR_SESSION_HANDLE_INVALID

I am experiencing an issue as follows: Method C_Login returned CKR_SESSION_HANDLE_INVALID at Net.Pkcs11Interop.HighLevelAPI80.Session.Login(CKU userType, String pin) at PKCS11Service.Initialize() in PKCS11Service.cs:line 81 at…
0 votes, 1 answer

Connect to remote HSM with PKCS11interop

I'm just practising about Safenet soft HSM and PKCS11interop library. I am curious about how the library decides to connect which HSM? I think the cryptoki library created in my local is configured to use local soft HSM. But I couldn't find any…
0 votes, 1 answer

How to get private key from HSM to sign XML doc

I want to sign an XML document using HSM. I loaded keystore, login and get certificate, but don't know how to get privateKey to use in sign function. So what's solution for it? My code to load and get…
0 votes, 0 answers

Thales L8 command

Would anyone happen to have a working example of the L8 command? My HSM responds with an error code of 78 so my main interest is the private key length field and how that is meant to look. I have also gone through and made sure that I have the…
0 votes, 0 answers

SignJWT : TypeError: Key for the ES256 algorithm must be one of type KeyObject or CryptoKey

I am trying to connect to gcloud ksm and then sign a message. My private is loaded from the json file. The issue is, when I run the code, I get this error "TypeError: Key for the ES256 algorithm must be one of type KeyObject or CryptoKey. " at …
kams
0 votes, 0 answers

SSL Handshake with private key HSM in C#.Net

I am developing an application in C# that requires to authenticate itself as client (mTLS and TLS 1.3). But the client private key is in HSM and cannot be extracted. Therefore, I need to find a way to delegate signing operations to HSM during…
0 votes, 0 answers

Why the AWS local keystore file has symmetric and asymmetric keys?

I generated a keypair in Cloud HSM by giving a keystore file. I downloaded the keystore file and opened it in keystore explorer and I see symmetric and asymmetric key entries. As per AWS documentation, only the certificate corresponding to keypair…
0 votes, 0 answers

How to sync AWS Cloud HSM keystore file across application on different aws instances?

Requirement: We have an application running on more than one instance in a cluster that uses key pairs, certificates, and symmetric keys which are preloaded in AWS Cloud HSM. What is the best way to provide the local keystore file which is created…
0 votes, 1 answer

Wrap AES key with RSA public key - CKM_RSA_PKCS_OAEP

I am using iaik pkcs11 java trying to wrap an AES key with RSA public key. Can someone please help me what is the issue with above params/code? I am trying to wrap an AES key with RSA public key. Getting issue as Mechanism invalid Mechanism…