Stack Overflow
Stack Overflow

Questions tagged [hsm]

Hardware Security Modules are devices designed to protect cryptographic key material and accelerate certain operations.

Hardware Security Modules are computer devices that provide a protected environment in which cryptographic keys can be generated, used and (in some cases) stored. Without using an HSM, cryptographic keys are exposed in RAM during their generation and use.

Some HSMs also contain special-purpose chips that offer acceleration for particular cryptographic operations, such as RSA signature generation or elliptic curve operations.

412 questions
16
votes
2 answers

How do I integrate HSM encryption with JAVA?

How do i integrate Hardware Security Module encryption with a java application? I'm looking for code samples to connect to HSMs, generate keys(asymmetric, symmetric), encrypt and decrypt data (asymmetric, symmetric) and store keys.
Armin
  • 599
  • 2
  • 8
  • 19
15
votes
1 answer

OpenSSL - check on what engine is a function called and if hardware is really used?

First of all, I'm a beginner in the OpenSSL world. I apologize in advance for any basic, barbaric errors. Consider a flow: Initialize OpenSSL with engine using hardware (let's call it EngineHW). Call an OpenSSL function, e.g. X509_sign. How to…
hauron
  • 4,550
  • 5
  • 35
  • 52
14
votes
3 answers

How to generate certificate if private key is in HSM?

I often use openssl to generate RSA key and certificate. But now i encounter a problem. openssl x509 -req require private key as input. But now we're using HSM to protect private key and I'll never be able to touch the private key. In this way how…
demonguy
  • 1,977
  • 5
  • 22
  • 34
12
votes
1 answer

How to import a ed25519 private key into Yubi HSM 2

I am trying to import a openssl generated ed25519 key into Yubi HSM 2 I am following the steps described here: https://developers.yubico.com/yubihsm-shell/yubihsm-wrap.html echo -en '\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff'…
Simon B.Robert
  • 31,754
  • 4
  • 16
  • 24
12
votes
3 answers

How to finalize SunPKCS11 Provider after it is initialized?

I have initialized the SunPKCS11 provider by: Provider provider = new sun.security.pkcs11.SunPKCS11("path_to_pkcs11.cfg"); Security.addProvider(provider); And then I'm using this provider to initialize a KeyStore to use a key for cipher…
always_a_rookie
  • 4,515
  • 1
  • 25
  • 46
11
votes
3 answers

How do I integrate HSM encryption with C#?

How would I integrate Hardware Security Module encryption with a C# application?
user690932
  • 419
  • 2
  • 7
  • 19
10
votes
1 answer

Get system date/time via USB

Is there any way to query the system's date/time via USB without installing anything on the host computer (maybe just drivers)? Background of the original problem To avoid the XY problem, let me explain a bit what I'm trying to do. To be able to…
Acapulco
  • 3,373
  • 8
  • 38
  • 51
9
votes
5 answers

Software security Module/ toolkit replacing HSM for developing crypto functions

I worked and completed a PKI project which used a HSM for generating - storing keys and performing crypto functions. I used PKCS#11 to interface with our application for sigining/verifying and encryption/decryption. Our platform is windows. Now we…
Raj
  • 1,113
  • 1
  • 17
  • 34
8
votes
1 answer

What is the functionality of ZMK or ZCMK in HSM?

I want to know in brief about Zone Master Key or Zone Control Master Key in Hardware/Host Security Module.Can someone explain please?
Md. Ilyas Hasan Mamun
  • 1,848
  • 2
  • 24
  • 15
7
votes
1 answer

PKCS#11 Generate AES key

Hei, The question is not really about Ncryptoki but i didnt know anywhere else to ask.. so if anybody can help please help me. Im tryng to generate AES key and heres the code what i have right now: CK_MECHANISM keyGenMech = new…
t678
7
votes
2 answers

MasterCard PIN change issuer script fails, Thales HSM used for MAC generation. EMV

I use Thales Payshield 9000 HSM. So far, all commands has worked and everything has been achieved what i wanted. Now the problem is when trying to change pin in ATM. Pin change script is generated and format looks like is OK when checking MasterCard…
Gntvls
  • 230
  • 4
  • 16
7
votes
1 answer

HSM: Error while opening connection to the HSM

Receiving the CKR_GENERAL_ERROR when the application tries to open a connection to the H/W HSM. The error in detail is: 50004-Crypto API could not be open. Caused by: xxx.xxx.xxx.cryptoapi.CryptoApiSysException: Error opening session!! Caused by:…
departed
  • 71
  • 1
  • 4
6
votes
2 answers

Extract Key from a tr31 key block (exporting from HSM Thales 9000)

Using the HSM command A0 (Generate a Key), I am getting the below response. HEADA100U7D4213E0422F4E08E9455D9837E09FDDRA0072B1TX00S000073C35FF96F7A8C7D35D440CCBDA06FFED3AC7017F27B0A0E8896FFC971F0B9 HEAD (Message Header) A1 (Response Code) 00 …
Panagiotis Giannakis
  • 400
  • 1
  • 9
  • 19
6
votes
4 answers

How to interface with PKCS#11 compliant HSM device in PHP

How can I use key material from a PKCS#11 compliant HSM (for example a SafeNet iKey 2032 [USB] or a Aladdin eToken PRO [USB]) in PHP application running on a Linux server?
Paul
  • 85
  • 1
  • 6
6
votes
1 answer

How to derive a key with JCA/JCE and with an HSM

I have a master key in an HSM and I want to derive it with a given diversifier. I am quite new to JCA/JCE, and a bit lost with KeyGenerator, SecretKeyFactory, ... especially since all parameters are strings. I want to use AES or HmacSha1. It seems I…
Joel
  • 669
  • 7
  • 25
1
2 3
27 28