Questions tagged [hsm]

Hardware Security Modules are devices designed to protect cryptographic key material and accelerate certain operations.

Hardware Security Modules are computer devices that provide a protected environment in which cryptographic keys can be generated, used and (in some cases) stored. Without using an HSM, cryptographic keys are exposed in RAM during their generation and use.

Some HSMs also contain special-purpose chips that offer acceleration for particular cryptographic operations, such as RSA signature generation or elliptic curve operations.

412 questions
3
votes
1 answer

HSM using label of key object in PKCS11

This block of code is loading a cryptoki.so library and retrieving slot info. This is getting a list of objects in slot num. 0. I don't need to access all the keys to perform a few functions, just a specific key pair. Is there a way to get a single…
DJ2
3
votes
2 answers

Simulating Hardware security module

I want to implement part of HSM but first I need to simulate it in software. I want to have a completely isolated environment(?) that works like real HSM. My chosen API is pkcs#11. Should I do something like cryptech, implementing pkcs#11 as rpc? Can…
h-sh-h
3
votes
3 answers

HSM Error | Private key must be instance of RSAPrivate(Crt)Key or have PKCS#8

Error received while decrypting data when private key is retrieved from HSM. I have added sunpkcs11 provider in java.security. Hence, NOT adding provider via code. Text gets encrypted successfully. However, while decrypting the encrypted text, I am…
Smart B0y
3
votes
2 answers

Begin writing a PKCS token on java card

I want to start implementing pkcs on java card. I have searched a lot but I couldn't find where to begin. I know that a standard token should support PKCS#11 functionalities and probably PKCS#15. Should I read those two standards and just do my best…
MJay
3
votes
1 answer

Need help implementing key management scheme

Scheme has following requirements: Client application should perform encryption/decryption using component 1, component 2 and ZPK (zone PIN key. Client should get this key from host in encrypted form). Host application should perform…
Saahon
3
votes
3 answers

pkcs#11 memory error - what might be the common reasons?

I am getting the CKR_DEVICE_MEMORY error code for C_Encrypt call using cryptoki library. From the PKCS#11 spec, CKR_DEVICE_MEMORY means the token does not have sufficient memory to perform the requested function. Under what circumstances do we get…
Raj
3
votes
1 answer

CSR generation using java or BouncyCastle without using Private key

Want to create a CSR file in java, when the private/public key pair are getting generated in HSM (Hardware Security Module). On trying out the examples in Bouncy Castle, the generation of CSR requires both the private key and public key. As the…
Manu
3
votes
1 answer

Connect SafeNet HSM using Java remotely

Our application needs to interact with SafeNet HSM through Luna JSP api using java. We tried the following and were able to connect: LunaSlotManager slotManager = LunaSlotManager.getInstance(); slotManager.login(password); But my question…
Ramesh
3
votes
1 answer

Private Key Template Inconsistent

I am attempting to generate an RSA key pair inside a SafeNet HSM. I copied the example templates specified in PKCS11 for the private and public keys. When I generate the key pair everything works fine. However, when I specify for the private key the…
Timothy Ghanem
3
votes
3 answers

How to wrap Microsoft RSA key blob in HSM

I have a requirement to wrap an RSAPrivateKey in an HSM, such that it can be sent off to a Microsoft CA for key archival and I'm not sure what approach to take. The issue is that the Microsoft RSA key format is proprietary and doesn't seem to be…
user1991762
3
votes
5 answers

SSL with private key on an HSM

I have a client-server architecture in my application that uses SSL. Currently, the private key is stored in CAPI's key store location. For security reasons, I'd like to store the key in a safer place, ideally a hardware signing module (HSM) that…
Jason
2
votes
2 answers

How to interface with PKCS #11 compliant HSM device in .Net?

I am supposed to write a client application in C# that communicates with Thales WebSentry and I need a few hints at how to start. Device comes with Java SDK but I need to do my programming in .NET. Are there any libraries in .NET that I can use, or…
Dan
2
votes
0 answers

Has anyone undergone certification of PCI-DSS using general purpose HSM (and not payshield)?

Can we utilise a general purpose HSM for EMV related work? Like ARQC/ARPC? PCI guidelines do not specifically prohibit general purpose HSM from being used. There are certain constraints (e.g. disallow translation of ISO Type 0 to Type 1), etc. But…
Sandeep
2
votes
0 answers

PKCS#11: Why does my call to C_GetSlotList return no slot with token present for a macOS Application, and return one slot for a Command Line Tool?

I face some troubles about PKCS#11 library. I create 2 projects: Project 1: macOS Application (GUI - with Objective-C) Project 2: Command line tool (Console - with C++) unsigned long GetTokenInfos(CK_TOKEN_INFO_PTR pTokenInfo) { CK_RV rv =…
Ohtehands
2
votes
1 answer

Symmetric key creation with CKA_SENSITIVE false and CKA_PRIVATE as true

I am working on a cloud HSM service and I see CKA_ATTRIBUTE_INVALID error when I am trying to create an AES 256 key with the following…
Zach