Stack Overflow
Stack Overflow

Questions tagged [softhsm]

SoftHSM is software that emulates a PKCS11 Hardware Security Module for development and testing.

An HSM or Hardware Security Module is a PKCS11 compliant and tamper-proof hardware component for the management and storage of cryptographic assets such as keys and certificates, and for offloading cryptographic operations.

SoftHSM is a software emulation of a PKCS11 compliant HSM for purposes of development, training and testing. This provides a cost-effective alternative to purchasing dedicated hardware components for non-Production use. It is being developed as a part of the OpenDNSSEC project.

68 questions
9
votes
1 answer

Connecting to SoftHSM java

Code: String pkcs11cfg = "pkcs11.cfg"; Provider p = new SunPKCS11(pkcs11cfg); Security.addProvider(p); KeyStore ks = KeyStore.getInstance("PKCS11", p); ks.load(null, pin); System.out.println(ks.size()); // prints 0 cfg: name = pkcs11Test library…
bliof
  • 2,957
  • 2
  • 23
  • 39
9
votes
2 answers

Can't enable GOST engine support in OpenSSL

I'm trying to install SoftHSM as shown here, which requires OpenSSL. So I installed OpenSSL v1.0.2j, but it seems it doesn't have bundled GOST support, or at least I couldn't find libgost.so in /usr/lib/openssl/engines; so I took it from an older…
myrmix
  • 371
  • 3
  • 11
  • 25
7
votes
1 answer

How to get started with SoftHSM

I am currently trying to get a SoftHSM going (on a Windows platform). The goal is establish a communication channel between a client and the HSM server so that some data can be encrypted on the server side and be sent back to the calling client. I…
Richard Bailey
  • 2,658
  • 4
  • 27
  • 45
6
votes
0 answers

How to Install automake, autoconf, libtool, pkg-config on git bas windows 10

I'm trying to install SoftHSMv2 from here. Before SoftHSM building, I need to install GNU Autotools such as automake, autoconf, libtool and pkg-config on my git bash on windows 10. From where I will get these tools, i tried cygwin but after that I'm…
NaViGator
  • 61
  • 1
5
votes
1 answer

Error creating token via softhsm2 as non-root user "Could not initialize the library"

Whilst initializing a token via softhsm2-util as a non-root user I receive the following error: $ softhsm2-util --init-token --slot 0 --label "test" --so-pin 5462 --pin 8764329 ERROR: Could not initialize the library. How can I fix this?
Harsha
  • 131
  • 1
  • 6
4
votes
0 answers

Sign vmlinuz with SoftHSM?

We are working on Secureboot to secure our system from evil maid attacks. As part of securing the system, we sign the kernel and associated drivers. We use pesign tool to sign the kernel (vmlinuz). I tried to invoke PKCS engine from openssl to sign…
Ashok Vairavan
  • 1,862
  • 1
  • 15
  • 21
4
votes
1 answer

Extractig public key value via PKCS#11

I am using Pkcs11 library to retreive key from device: I am able to retreive ObjectHandle of public key. I try to extract public key value: var publicKeyHandle = GetPublicKeyByLabel(Session, "KEY1_QAL_PUB"); var objectAttribute =…
pwas
  • 3,225
  • 18
  • 40
4
votes
1 answer

Is it possible to store secret keys on SoftHSM?

I've found this thread: Connecting to SoftHSM java and it works when storing private keys, just like the example. But I need to store secret keys, such as AES. Here's my code: import java.security.*; import sun.security.pkcs11.*; import…
Camilo Salazar
  • 71
  • 1
  • 7
3
votes
0 answers

engine_pkcs11 and softhsm with ECC keys

I have softhsm-v2.5.0-rc1 which has ec keys imported in it. Now, when I try to use these keys from openssl CLI using the pkcs11 engine, it fails. SoftHSM version []:~$ softhsm2-util --version 2.5.0rc1 SoftHSM token init []:~$ softhsm2-util…
Paras Shah
  • 61
  • 6
3
votes
1 answer

pkcs11-tool generated keys in java are not getting loaded into pkcs11 keystore

I am seeing an null pointer exception when trying to get the private key from java pkcs11 keystore, when the key is generated by pkcs11-tool. This works fine if the key is generate using keytool. I can list the keys from pkcs11-tool as well but not…
rman
  • 83
  • 1
  • 4
3
votes
2 answers

Signing PDF from Pkcs11Interop for CKM_ECDSA_SHA256 using SoftHSM 2.2.0 (ECDSA with SHA256) C# .net

I am trying to sign Pdf documents using Pkcs11Interop .net library. I need to use ECDSA encryption algorithm with SHA256 hash algorithm. And I am using SoftHSM 2.2.0 for storing private keys. I found an CKM enum, CKM_ECDSA_SHA256, which I am passing…
Kumar
  • 63
  • 1
  • 10
2
votes
1 answer

Correct way to conduct private key operation from PKCS11 for mTLS connection in Go

I have successfully imported the private key into the PKCS11 token. The token object looks like this: Private Key Object; RSA label: ##### ID: ##### Usage: decrypt, sign, unwrap Access: sensitive Public Key Object; RSA…
JayRain
  • 61
  • 4
2
votes
1 answer

Corda HSM - Support for SoftHSM

Corda has specific configurations mentioned for every HSM that they support. I have tried finding a way to directly configure the node to use softhsm. But I havent been able to find any thing for Corda to work with softHSM. Hyperledger Fabric has a…
Deepti
  • 23
  • 3
2
votes
1 answer

Unwrapping of symmetric key throws Pkcs11Exception / CKR_GENERAL_ERROR

I'm trying to convert the Wrap / Unwrap example from a RSA key pair to a single AES key: // Open RW session using (ISession session = slot.OpenSession(SessionType.ReadWrite)) { string userPin = "1234"; // Login as normal user …
Rufus Buschart
  • 362
  • 1
  • 13
2
votes
0 answers

Getting error java.security.KeyStoreException: PKCS11 not found while using softhsm as hsm

I am using command line tool "keytool" to create a key pair in softhsm. I have added security.provider in java.security. # List of providers and their preference orders (see…
Prabal Kanti Sarkar
  • 121
  • 1
  • 10
1
2 3 4 5