hsm

How to manage a network down and avoid error with PKCS11Interop

空扰寡人 submitted on 2020-01-04 13:36:23
Question: Using PKCS11Interop on Safenet HSMs, I got this error: "Method C_OpenSession returned 2147484548". The error, in my documentation, is CKR_SMS_ERROR: "General error from secure messaging system - probably caused by HSM failure or network failure". This confirms that the problem happens when the connectivity is lacking. The problem is that when this happens, the service isn't able to resume the communication when the connectivity is back, until I manually restart the service managing the HSM access.

How to generate certificate if private key is in HSM?

ぃ、小莉子 submitted on 2020-01-01 09:11:07
Question: I often use openssl to generate an RSA key and certificate. But now I have encountered a problem: openssl x509 -req requires the private key as input. But now we're using an HSM to protect the private key and I'll never be able to touch the private key. In this case, how am I supposed to generate an x509 certificate? Answer 1: I've seen some HSMs come with their own support programs ready to use for a variety of things including key generation and cert or CSR creation, or make them available (for example on the vendor

How to use a custom OpenSSL engine for Net::HTTP

£可爱£侵袭症+ submitted on 2019-12-24 16:13:49
Question: I am trying to use a custom OpenSSL engine for crypto operations required for client certificate authentication. Currently Net::HTTP lets us pass only the cert and key which will be used for the client authentication. We are moving all private keys to an HSM ("Hardware Security Module"), so instead of the default OpenSSL engine we want to plug in a custom OpenSSL engine. The custom OpenSSL engine will perform private key signing operations using the HSM. Currently with the default engine we have code

Programmatically synchronizing keys generated by HSM clients with the RFS server

匆匆过客 submitted on 2019-12-24 07:36:03
Question: I am using PKCS11Interop to perform Key Management operations inside an HSM. The HSM I am using is a network HSM, Thales N-Shield. Here are the details of my setup: 1 - HSM, 1 - RFS Server, 3 - Clients. My software application is distributed and is hosted over the 3 clients. The key will be generated in one of the clients and could be used by the application components present in other clients. However, I have noticed that a key generated in one client machine is not accessible to other client

Where to find luna safenet client logs?

孤街浪徒 submitted on 2019-12-23 05:07:49
Question: We are using the Luna SDK to develop algorithms to perform cryptographic operations using an HSM. In doing so, we installed the Luna client software in our application. The problem is I am not able to find the logs generated by the client software. After my search, I found that cklog.txt contains the logs, but I can't find this file in the client installation. Answer 1: Normally, you can find cklog.txt in your Luna client installation folder, e.g.: C:\Program Files\SafeNet\LunaClient\cklog.txt If you don't find,

ZPK Encryption ISO format 9594-1 Format 0

人盡茶涼 submitted on 2019-12-23 05:01:53
Question: I need to integrate our IVR with an ATM switch. In this case the IVR needs to send a PIN block formed in ISO format 9594-1 Format 0 only (Zone PIN key – PIN encryption). We have Clear component - 1, 2, & 3 & ZMK - Key check value. I need to know the steps to generate PIN Block format 0 using ZPK encryption. Also, as I am a beginner, I need to know the role played here by the clear component & ZMK. Answer 1: Here is some JavaScript that will encrypt a PIN into a Format-0 (PAN-free) pinblock. In this example it is

Export/Import RSA keypair using PKCS11interop c# wrapper library from Thales nShield HSM?

ぃ、小莉子 submitted on 2019-12-22 09:39:31
Question: I have generated an RSA public-private keypair in the HSM using the PKCS11Interop generate key API. I want to export the keypair. I used the Findobject API to get the keys; the API returns an ObjectHandle. While reading attributes using the GetAttributeValue API, I am not able to read the key's value. And when I set the key's attribute CKA_EXTRACTABLE to true, I am not able to generate the key altogether. Also, I need to import an externally provided keypair into the HSM. Any help is highly appreciated. Answer 1: What

PKCS#11 Generate AES key

自作多情 submitted on 2019-12-22 05:20:11
Question: Hei, The question is not really about Ncryptoki but I didn't know anywhere else to ask, so if anybody can help, please help me. I'm trying to generate an AES key and here's the code I have right now: CK_MECHANISM keyGenMech = new CK_MECHANISM(CKM.AES_KEY_GEN); CK_ATTRIBUTE[] template = { new CK_ATTRIBUTE(CKA.CLASS, CKO.SECRET_KEY), new CK_ATTRIBUTE(CKA.TOKEN, CK_BBOOL.TRUE), new CK_ATTRIBUTE(CKA.SENSITIVE, CK_BBOOL.TRUE), new CK_ATTRIBUTE(CKA.VALUE_LEN, 32), new CK_ATTRIBUTE(CKA.KEY_TYPE, CKK

How do I integrate HSM encryption with JAVA?

百般思念 submitted on 2019-12-21 03:49:27
Question: How do I integrate Hardware Security Module encryption with a Java application? I'm looking for code samples to connect to HSMs, generate keys (asymmetric, symmetric), encrypt and decrypt data (asymmetric, symmetric) and store keys. Answer 1: In Java you can just use JCE/JCA. Ask your provider for the implementation; you will need some jar files, and you're ready. Answer 2: All HSMs should support common API interfaces, such as PKCS11, JCE or MSCAPI. For Java integration, they would offer JCE CSP