Stack Overflow
Stack Overflow

Questions tagged [hardware-security-module]

60 questions
11
votes
3 answers

How do I integrate HSM encryption with C#?

How would I integrate Hardware Security Module encryption with a C# application?
user690932
  • 419
  • 2
  • 7
  • 19
5
votes
2 answers

Yubico private key certificate signing no longer works with openssl3

I store my PKI CA certificate and private key on a Yubikey and used it to issue end user certificates but after upgrading to openssl3 from openssl1 this no longer works. The script that I have used to sign certificate requests which works with…
Paul
  • 42
  • 5
  • 19
5
votes
1 answer

Yubikey API access via NFC

Device and Environment Secure Element (currently) used: Yubikey 5 NFC OS (currently) used: Linux (future targets will be Win and Android) Readers used: ACS ACR122U, REINER SCT cyberJack RFID, SCM SCL011 Goals Connect to Yubikey via NFC and…
reichhart
  • 813
  • 7
  • 13
5
votes
1 answer

Difference between HSM and Argon2 ? which one is preferrable

I am working on a application dealing with customer details , which we want to store in our DB as encrypted , Which one is preferable Argon2
Muddassir Rahman
  • 976
  • 1
  • 9
  • 20
3
votes
2 answers

How can I make sure that Cloud HSM service providers are really using physical Hardware Security Module not a simulation software?

This is exactly what I want to know. Cloud based HSM is expensive and I need to make sure of what to be paid for.
Tariq
  • 59
  • 6
3
votes
1 answer

PKCS#11 engine for openSSL

I'm trying to setup openSSL under Windows 7 to use a vendor specific security module. From the vendor I got a PKCS#11 API dll (lets say vendor.dll). The PKCS#11 engine has been created according to https://github.com/OpenSC/libp11 As described in…
MichaelW
  • 1,328
  • 1
  • 15
  • 32
2
votes
2 answers

Extract clear key from TR-31 version B key block

I am trying to implement TR-31 decryption into my test application. Because I don't have TR31 standard from ANSI i relay on free materials :) I am able to get the clear key using Cryptographics Calculator. KBPK: …
etna
  • 23
  • 4
2
votes
1 answer

How to publish Jar to Maven Central using HSM-produced digital signatures?

My objective is to publish a library on Maven Central, while using a Hardware Security Module (HSM, explanation below) to sign the binary. The documentation I found explains how to use maven-gpg-plugin, but this requires the plugin to handle the key…
ralien
  • 1,448
  • 11
  • 24
2
votes
1 answer

Convert Pkcs11X509Certificate to X509Certificate2 to use as ssl client cert

I am quite new to this... I have safenet luna hsm storing certs. I need to retrieve cert and use it as client cert in an ssl session. I am trying to use Pkcs11Interop (and also Pkcs11X509Store) without success. I cant get the X509Certificate2 with…
user20292184
  • 21
  • 1
2
votes
0 answers

Parquet encryption and envelope technique with azure managed hsm

I would like to use Columnar Encryption or parquet encryption with the envelope technique. I have read this here. An example of this technique for an open-source KMS is explained here My question is now is it possible to use Azure managed HSM…
Kaja
  • 2,962
  • 18
  • 63
  • 99
2
votes
3 answers

install4j: Automating Windows Extended Validation Code Signing and Apple Notarization on the same machine?

We are considering to switch to an extended validation (EV) code signing certificate. In order to fully automate the notarization with Apple, we had to switch our build machine to a Mac mini. Reading up on the EV code signing process, and how to…
Reto Höhener
  • 5,419
  • 4
  • 39
  • 79
1
vote
0 answers

Use vsixsigntool.exe with SafeNet HSM | sign VSIX using HSM

Earlier I successfully used vsixsigntool.exe to sign extensions for Visual Studio in the VSIX format. The command line call looked like this: vsixsigntool.exe sign /f %PFX% /p %PWD% /sha1 %HASH% /tr http://timestamp.globalsign.com/tsa/r6advanced1…
TecMan
  • 2,743
  • 2
  • 30
  • 64
1
vote
0 answers

Where is engine_pkcs11.so?

I'm trying to run openssl in combination with a PKCS#11 hardware security module (currently trying with Yubikey 5). All documentation and tutorials I find tell me that I have to use OpenSC as "engine", and the openssl command always look something…
Georg P.
  • 2,785
  • 2
  • 27
  • 53
1
vote
2 answers

oaep decryption with HSM private key

I have a key pair storage in HSM. SP for HSM is not support "RSA/ECB/OAEPPadding" decryption. I can decrypt without padding with existing private key. Cipher cipher = Cipher.getInstance("RSA/ECB/NoPadding",…
An Anita
  • 153
  • 7
1
vote
0 answers

How can I generate a HMAC key and secret key and share with client using AWS?

I am looking to generate a HMAC key and secret value as I want to use it as part of API request signatures. I want to be able to share the secret value and key with a 3rd party so I need access the value in plain text for one time. There would be a…
eVolve
  • 1,340
  • 1
  • 11
  • 30
1
2 3 4