Questions tagged [hsm]

Hardware Security Modules are devices designed to protect cryptographic key material and accelerate certain operations.

Hardware Security Modules are computer devices that provide a protected environment in which cryptographic keys can be generated, used and (in some cases) stored. Without using an HSM, cryptographic keys are exposed in RAM during their generation and use.

Some HSMs also contain special-purpose chips that offer acceleration for particular cryptographic operations, such as RSA signature generation or elliptic curve operations.

412 questions
5 votes, 3 answers

HSM - cryptoki - opening sessions overhead

I am having a query regarding sessions with HSM. I am aware that there is an overhead if you initialise and finalise the cryptoki api for every file you want to encrypt/decrypt. My queries are, Is there an overhead in opening and closing…
Raj
5 votes, 3 answers

Digital Signing using certificate and key from USB token

I want to sign a file using the user's key and certificate from a USB token (dongle). I have been searching on this for some time, on stackoverflow and other sites, but didn't get anything useful apart from some good capabilities in .NET framework…
sg1
4 votes, 1 answer

Use X509Certificate2 with Windows certificate store, HSM, and Azure Key Vault

I have many methods like the below which uses X509Certificate2.PrivateKey public SomeValue DoSomething(X509Certificate2 cert) { // do something that needs the cert.PrivateKey } They are working well so far with certificates that…
Thuan
4 votes, 0 answers

How to establish TLS connection using HSM and OpenSsl

Background I have inherited the task to establish TLS 1.2 connection with server using cryptography token programmatically. The token in question is a read-only - does not allow extraction of private key - smart card. This token have been…
raidensan
4 votes, 3 answers

Microsoft Authenticode Code Signing ( EV ) + Google Cloud HSM?

Our company uses EV codesigning certificate on eToken usb dongle, but we are currently planning to move our build and signing procedures to virtual server in cloud, everything is fine, except one thing, it is codesigning process, GlobalSign allows…
Kracken
4 votes, 1 answer

How to use CloudHSM to implement mutual TLS ( client side ) in Ruby

I'm asking this question after reading all of CloudHSM topics on StackOverflow, Cryptography, Information Security and CloudHSM forum but couldn't find anything helpful. Any idea or code snippet is helpful. We have a Ruby application that is…
user11822923
4 votes, 1 answer

HSM decryption + encryption chaining

My application is acting as a switchboard to transfer very sensitive messages between two parties and I'm trying to figure out how I can do this without "looking" at the message they're trying to send. I have a HSM, and I've generated a keypair for…
Sudhir Jonathan
4 votes, 1 answer

Unwrapping RSA encrypted AES key using Safenet HSM and Java leaks the unwrapped key

I am using a Safenet HSM (Hardware Security Module) to store my cryptographic keys, and I am trying to unwrap a secret key (AES/DES) encrypted with RSA using Java APIs and SunPKCS11. I would like to do this securely, so that unwrapped AES/DES key…
snesh
4 votes, 1 answer

CloudHSM login/logout error

So I was trying to login/logout from AWS CloudHSM multiple times. The flow is the following: Have an open session (C_GetSessionInfo returns slot id 1, state 3, flags 6 while everything goes fine). If I'm logged in to this session, call C_Logout on…
h8red
4 votes, 1 answer

nCipher (Thales HSM) - There is no card in the slot

I'm trying to encrypt and sign a package with nCipher (Thales HSM), but when I try to do it, there is an exception saying that "There is no card in the slot". According to HSM admin there is a card, but it is not in the default slot, so one of the…
LuisEduardoSP
4 votes, 0 answers

Sign vmlinuz with SoftHSM?

We are working on Secureboot to secure our system from evil maid attacks. As part of securing the system, we sign the kernel and associated drivers. We use pesign tool to sign the kernel (vmlinuz). I tried to invoke PKCS engine from openssl to sign…
Ashok Vairavan
4 votes, 0 answers

How to fix 'C_Initialize - This object is not connected to a module.' cryptoki dll error in x64bit Client?

I have a problem when I’m trying to access cryptoki.dll from x64 Client. It worked with x86 Client but it is not working with x64. What should I do to work with cryptoki.dll from x64 Client? signature.addKeyInfo(new…
TEngineer
4 votes, 1 answer

Empty result in loading certificates from SafeNet HSM

I have a certificate on SafeNet HSM and I can browse HSM slots and see certificates. But when I try to load the certificate with java keytool I get this message "your keystore containes 0 entries". Below is an explanation of how I connect to the HSM. This is…
Leon
4 votes, 3 answers

How clients are verified in Safenet Luna SA HSM?

How are Safenet Luna SA HSM clients verified when the clients are registered using hostname?
Buzz LIghtyear
4 votes, 3 answers

Thales Payshield HSM RSA Private Key

We are migrating from Thales 8000 to Thales Payshield 9000. We generated an RSA Key Pair in 8000 (with EI - Generate a Public/Private Key Pair command). We stored the public key on the host and loaded the private key to the HSM's tamper-protected…
adaptor