Stack Overflow
Stack Overflow

Questions tagged [hsm]

Hardware Security Modules are devices designed to protect cryptographic key material and accelerate certain operations.

Hardware Security Modules are computer devices that provide a protected environment in which cryptographic keys can be generated, used and (in some cases) stored. Without using an HSM, cryptographic keys are exposed in RAM during their generation and use.

Some HSMs also contain special-purpose chips that offer acceleration for particular cryptographic operations, such as RSA signature generation or elliptic curve operations.

412 questions
4
votes
2 answers

Application to HSM interaction security

I feel like I'm missing something. I know that HSM can give you 100% bulletproof protection of your keys, encrypted data, etc. But what prevent the attacker from stealing your sensitive data right after you accessed HSM and got your secrets copied…
Dmitry
  • 310
  • 4
  • 5
4
votes
1 answer

PKCS11 deriveKey() and encrypt() returning different results for 3DES

I am working on a key derivation problem using an HSM and PKCS11 and currently I can't understand why I see completely different results depending on whether I use the deriveKey() method as opposed to using the encrypt() method. In both cases I'm…
user1991762
  • 151
  • 1
  • 6
3
votes
2 answers

Does Azure Key Vault service support PKCS#11?

If not, does anybody offer FIPS 140-2 HSMs with PKCS#11 on the Azure marketplace?
Valo
  • 1,872
  • 2
  • 15
  • 23
3
votes
1 answer

Obtaining an AATL certificate to use in my cloud-based service

I'm looking to obtain an certificate from an AATL authority to use in iText to perform tamper-proofing signatures to PDF documents as part of a cloud application that I'm working on. As best as I'm able to determine, AATL certificates can be…
Alexander Trauzzi
  • 7,277
  • 13
  • 68
  • 112
3
votes
1 answer

Is it possible to secure the Android KeyChain with an HSM?

For security reasons I want to store my private key in the HSM and then share the private key with another app via the KeyChain. The KeyStore mentions that it can be backed by the HSM but I haven't found any documentation that states it's possible…
Josh Correia
  • 3,807
  • 3
  • 33
  • 50
3
votes
1 answer

Utimaco HSM providers

Utimaco HSM offers multiple connection API's - JCE/PKCS11/CSP. I am running a simulator setup on windows and imported 2 keys to internal storage with Utimaco CSP tool, but when I connect with JCE provider to the same device - the keystore is empty.…
Ulterior
  • 2,786
  • 3
  • 30
  • 58
3
votes
1 answer

Java 8 open windows custom csp provider and retrieve key

I am trying to find a way to load HSM key stored in Utimaco HSM CSP from JAVA So far I got leads from search that it would be possible with SunMscApi provider, but I cant find any example where I would specify Utimaco CryptoServer CSP as provider…
Ulterior
  • 2,786
  • 3
  • 30
  • 58
3
votes
1 answer

How to get public key from private key stored in HSMs

I have some private keys stored in the HSM but without public keys. I want to get the corresponding public key using PKCS11 interface. If the private key is a RSA key, I can extract the modulus from CKA_MODULUS and exponent from CKA_PUBLIC_EXPONENT,…
Jemmy1228
  • 141
  • 6
3
votes
1 answer

HSM returns a 67 byte ECDSA-secp256k1 public key, what does this mean?

I generate a key on the HSM through the Graphene library, except when I try to get the public key raw value by getting its 'pointEC' attribute (equivalent to CKA_EC_POINT), I get a 134 character…
Carlos Hernandez
  • 73
  • 10
3
votes
3 answers

Using Google's Cloud HSM to sign executables

I'm trying to find some documentation about using Google's Cloud HSM to sign executables. I have found a quite comprehensive guide for AWS CloudHSM but AWS pricing (>$1,000/month) seems to be orders of magnitude more expensive for our use-case. Can…
DaveJ
  • 2,357
  • 6
  • 28
  • 35
3
votes
0 answers

How to implement a KMS client as server-agnostic as possible?

Given an application that has to acquire private keys (mainly RSA ones) from a Key Management System (KMS), which could be a Hardware Security Module (HSM), what could be the best way to implement that kind of client if there's no way to know in…
Vrakfall
  • 966
  • 7
  • 13
3
votes
1 answer

PDF Signing, generated PDF Document certification is invalid? (using external signing, web-eid, HSM)

I have a service which signs the data and provides me with the signed hash, it correctly generates PKCS#7 DigestInfo as stated in rfc2315#section-9.4 Something like this The code for the above system is : https://pastebin.com/b3qZH6xW …
paresh
  • 33
  • 1
  • 4
3
votes
2 answers

How can I make sure that Cloud HSM service providers are really using physical Hardware Security Module not a simulation software?

This is exactly what I want to know. Cloud based HSM is expensive and I need to make sure of what to be paid for.
Tariq
  • 59
  • 6
3
votes
1 answer

How to use Pkcs11Interop with an NitroKey HSM to derive an shared secret with an EC

I bought a NitroKey HSM and manged to create an EC on it. Now I want to derive a shared secret. I found Pkcs11Interop, which seems to be the right tool for the job, but the handling is unclear. A code snipplet or link to a working project would be…
hdev
  • 6,097
  • 1
  • 45
  • 62
3
votes
2 answers

Create a PKCS#7 signed message in c# with a precomputed signature

I'm trying to create a PKCS#7 signed message in C#. The digital signature is being computed separately in an HSM so I already have the value of the signature, I just want to create a PKCS#7 structure that contains it. I've looked into using the…
Andy Gibson
  • 187
  • 2
  • 7
1 2 3
27 28