hsm

HSM and custom module

我是研究僧i 提交于 2021-02-20 05:26:09
问题 We are implementing safety-critical system, where the FIPS 140-2 compliant HSM (hardware security module) is required to generate and store key material, perform encryption/decryption and run custom code with the following requirements set for the custom module: Module is available over RPC Module has access to all HSM keys and services Module has in-memory and persistent storage (1+ MB both) Module memory is secured (FIPS 140-2 level 3+) As for the HSM services itself, it is required to:

Store data securely in memory (password based encryption)

混江龙づ霸主 提交于 2020-06-27 05:48:10
问题 I have to store the key into memory. So as security concern we can not store the cryptographic key into the memory directly, We need to store the key in Encrypted way. So the idea is we store the key in encrypted manner and at the time of crypto operation, just decrypt the key and use it and dispose the key. So we are using Password based encryption(PBE) define in BouncyCastle c# version Example code. The problem in code is that the password is fix here. I have to generate the password at run

Store data securely in memory (password based encryption)

馋奶兔 提交于 2020-06-27 05:47:11
问题 I have to store the key into memory. So as security concern we can not store the cryptographic key into the memory directly, We need to store the key in Encrypted way. So the idea is we store the key in encrypted manner and at the time of crypto operation, just decrypt the key and use it and dispose the key. So we are using Password based encryption(PBE) define in BouncyCastle c# version Example code. The problem in code is that the password is fix here. I have to generate the password at run

How to derive a key with JCA/JCE and with an HSM

情到浓时终转凉″ 提交于 2020-01-22 08:04:23
问题 I have a master key in an HSM and I want to derive it with a given diversifier. I am quite new to JCA/JCE, and a bit lost with KeyGenerator, SecretKeyFactory, ... especially since all parameters are strings. I want to use AES or HmacSha1. It seems I need to use a SecretKeyFactory, and provide a KeySpecs. But which type of KeySpecs? (I have seen a post on that topic, but I didn't seem an HSM was used.) Thanks. 回答1: You can derive key using: password-based derivation (PKCS#5) as described in

How to derive a key with JCA/JCE and with an HSM

℡╲_俬逩灬. 提交于 2020-01-22 08:02:17
问题 I have a master key in an HSM and I want to derive it with a given diversifier. I am quite new to JCA/JCE, and a bit lost with KeyGenerator, SecretKeyFactory, ... especially since all parameters are strings. I want to use AES or HmacSha1. It seems I need to use a SecretKeyFactory, and provide a KeySpecs. But which type of KeySpecs? (I have seen a post on that topic, but I didn't seem an HSM was used.) Thanks. 回答1: You can derive key using: password-based derivation (PKCS#5) as described in

How to interface with PKCS #11 compliant HSM device in .Net? [closed]

人盡茶涼 提交于 2020-01-16 16:34:31
问题 As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance. Closed 7 years ago . I am supposed to write a client application in C# that communicates with Thales WebSentry and I need a few hints at how to start.

iText: what type of certificates do people use to automate PDF signing on Linux?

半世苍凉 提交于 2020-01-10 20:16:10
问题 I have a low volume (<500 PDFs/year) application for automated digital-signing of PDF files using iText in Java on Linux. I've got iText adding a digital signature to PDFs using my SSL certificate. Is this a valid method to prove the PDF was generated by my domain (e.g. server)? Can it be used somehow to get the green checkmarks showing "trust" in Adobe Reader? If not, I should use a certificate intended for PDFs (e.g. not my SSL certificate), so that the little green checkmarks indicating