hsm

SoftHSM2 java not working

江枫思渺然 submitted on 2019-12-18 18:23:14
Question: I am trying to do a POC on SoftHSM 2, but somehow I am getting the issue below.

Exception in thread "main" java.security.ProviderException: Initialization failed
    at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:376)
    at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:103)
    at SoftHSM.main(SoftHSM.java:50)
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_SLOT_ID_INVALID
    at sun.security.pkcs11.wrapper.PKCS11.C_GetSlotInfo(Native Method)
    at sun.security.pkcs11.SunPKCS11.<init>

How to finalize SunPKCS11 Provider after it is initialized?

青春壹個敷衍的年華 submitted on 2019-12-17 19:16:12
Question: I have initialized the SunPKCS11 provider by:

    Provider provider = new sun.security.pkcs11.SunPKCS11("path_to_pkcs11.cfg");
    Security.addProvider(provider);

And then I'm using this provider to initialize a KeyStore to use a key for cipher operations.

    KeyStore ks = KeyStore.getInstance("PKCS11", provider);
    ks.load(null, "password".toCharArray());

Once I'm done with the cipher operations, how should I finalize the session with the PKCS11 token? I have tried removing the Provider, but it didn't

Unable to compile a C application that reads smartcard

好久不见. submitted on 2019-12-13 07:52:30
Question: I am trying to compile an example C application that uses PKCS#11 to find all the private keys on the token and print their label and id, but I am getting the following errors:

/tmp/ccAqQ7UI.o: In function `initialize':
pkcs11_example1.c:(.text+0x8e5): undefined reference to `C_Initialize'
/tmp/ccAqQ7UI.o: In function `get_slot':

The example is taken from here, compiling by using the following command: `gcc pkcs11_example1.c -o slots -L /usr/lib/opensc-pkcs11.so` I am not sure which library I should

Pkcs11 - How to add signature to XML file?

别说谁变了你拦得住时间么 submitted on 2019-12-13 03:26:17
Question: I have a problem that occurs when getting a certificate and putting it into an XML file. Should I use the private key for signing? I see only the public key in the certificate. There is no private key in my certificate.

    byte[] ckaIdd = objectAttributess[0].GetValueAsByteArray();
    string ckaLabel = objectAttributess[1].GetValueAsString();
    byte[] ckaValue = objectAttributess[2].GetValueAsByteArray();
    var _rawData = ckaValue ?? throw new ArgumentNullException(nameof(ckaValue));
    var _parsedCertificate = new

Pkcs11Exception: Method C_Initialize returned 2147483907

二次信任 submitted on 2019-12-12 10:12:19
Question: I have a simple method to access my HSM with Pkcs11Interop. This is the function:

    static public byte[] findTargetKeySValue(String label, String type, string command)
    {
        try
        {
            string pkcs11LibraryPath = @"C:\Program Files\SafeNet\Protect Toolkit 5\Protect Toolkit C SDK\bin\hsm\cryptoki.dll";
            Utility.Logger("cryptoki dll path " + pkcs11LibraryPath, command);
            using (Pkcs11 pkcs11 = new Pkcs11(pkcs11LibraryPath, Inter_Settings.AppType))
            {
                // Find first slot with token present
                Slot slot = Inter

Cannot configure OpenSSL on Windows properly

十年热恋 submitted on 2019-12-12 04:45:42
Question: This question was migrated from Cryptography Stack Exchange because it can be answered on Stack Overflow. Migrated 2 years ago. I want to use KDSoap, which uses Qt, which uses OpenSSL, to consume a web service that requires a secure connection, established by using a key stored in a USB HSM (SmartCard + Reader basically, called an Athena IDProtect Key v2.0). I've installed 64-bit OpenSSL from Shining Light Productions. Qt 5.8 can load it (I've checked with QSslSocket). Problem The problem

How to use Pkcs11Interop with a NitroKey HSM to derive a shared secret with an EC

本秂侑毒 submitted on 2019-12-10 11:13:37
Question: I bought a NitroKey HSM and managed to create an EC on it. Now I want to derive a shared secret. I found Pkcs11Interop, which seems to be the right tool for the job, but the handling is unclear. A code snippet or link to a working project would be very appreciated.

Answer 1: You can take a look at the Pkcs11Admin application for a real-world sample using the Pkcs11Interop library. As far as I remember, NitroKey HSM should be used with OpenSC middleware so your unmanaged library implementing PKCS#11 API

Keys created from one HSM client are not available for use in another client

人盡茶涼 submitted on 2019-12-10 11:07:46
Question: I am building a solution to store keys and encrypt\decrypt data using an HSM. I am using a network HSM manufactured by Thales. The thing I have noticed is that a key generated in client machine 1 is inaccessible in client machine 2. The key can only be used to encrypt\decrypt data in client machine 1. Is there anything that needs to be changed in my implementation, or is there something to be changed in the net-HSM configuration to enable this? I am using the PKCS11Interop library for all the key

How to interface with a PKCS#11-compliant HSM device in PHP

空扰寡人 submitted on 2019-12-09 12:04:37
Question: How can I use key material from a PKCS#11-compliant HSM (for example a SafeNet iKey 2032 [USB] or an Aladdin eToken PRO [USB]) in a PHP application running on a Linux server?

Answer 1: I have not seen, and a cursory search has not found, a PKCS#11 glue library for PHP. Probably not the answer you're looking for. (: If you have better search fu than I, do update this thread. I think your best bet would be to write a C program that calls PKCS#11 and accesses the HSM, and call that from your PHP app as

HSM - cryptoki - Sessions - Timeout

风流意气都作罢 submitted on 2019-12-08 08:52:29
Question: My application accesses the HSM via an ASP.NET web service through PKCS#11. I initialise the cryptoki library and obtain a session handle. The web service holds on to this handle to perform encryption/decryption/signing/verifying in a batch mode. The problem I am facing is that the ASP.NET web service times out after 20 minutes. This act, I think, unloads the cryptoki library, and the session handle held by the web service becomes invalid. Yes, I agree that the ASP.NET web service can be reconfigured not