hsm

Getting java IAIK PKCS11 wrapper work for nfast

橙三吉。 submitted on 2019-12-08 05:06:26
Question: I am trying to get IAIK PKCS11 wrapper to work with nfast. It is always expecting pkcs11wrapper library file and throws an error - java.lang.UnsatisfiedLinkError: pkcs11wrapper (Not found in java.library.path). How do I get it to use the library file (/opt/nfast/toolkits/pkcs11/libcknfast.so) provided by the HSM? Any help is greatly appreciated and forgotten about!

Answer 1: You need to configure the path to the IAIK pkcs11wrapper, either on the LD_LIBRARY_PATH, java.library.path (-Djava.library

Pkcs11Interop read key value from HSM

旧时模样 submitted on 2019-12-08 01:01:48
Question: I'm trying to use Pkcs11Interop to extract the value of the key from the HSM. I know, the key has to stay in the HSM, but I need it, so... I already do it with NCryptoki and I'd like to do it also with Pkcs11Interop. I tried this code:

    // Prepare attribute template that defines search criteria
    List<ObjectAttribute> objectAttributes = new List<ObjectAttribute>();
    objectAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_SECRET_KEY));
    objectAttributes.Add(new ObjectAttribute(CKA.CKA_KEY

Threadsafe usage of PKCS11Interop library in C# [closed]

…衆ロ難τιáo~ submitted on 2019-12-07 19:53:19
Question: I am using PKCS11Interop to perform Key Management operations inside an HSM. The HSM I am using is Thales PCI Express. Below is the class that wraps all operations being performed in HSM:

    public sealed class KeyStoreOperations
    {
        private KeyStoreContext m_keyStoreContext;
        private static Pkcs11 m_Pkcs11;
        private

Connect SafeNet HSM using Java remotely

五迷三道 submitted on 2019-12-07 15:37:39
Question: Our application needs to interact with SafeNet HSM through Luna JSP api using java. We tried the following and were able to connect:

    LunaSlotManager slotManager = LunaSlotManager.getInstance();
    slotManager.login(password);

But my question is that in my program I didn't give any IP Address of the HSM device. Then how does it detect and connect?

Answer 1: Any API calls to the Safenet Luna API will interact with the Safenet client software which is installed on your local machine. This client software

Getting java IAIK PKCS11 wrapper work for nfast

夙愿已清 submitted on 2019-12-07 03:21:24
I am trying to get IAIK PKCS11 wrapper to work with nfast. It is always expecting pkcs11wrapper library file and throws an error - java.lang.UnsatisfiedLinkError: pkcs11wrapper (Not found in java.library.path). How do I get it to use the library file (/opt/nfast/toolkits/pkcs11/libcknfast.so) provided by the HSM? Any help is greatly appreciated and forgotten about!

You need to configure the path to the IAIK pkcs11wrapper, either on the LD_LIBRARY_PATH, java.library.path (-Djava.library.path=java.library.path:/path/to/pkcs11wrapper) or via the iaik properties file using PKCS11_WRAPPER_PATH

HSM - cryptoki - Sessions - Timeout

Deadly submitted on 2019-12-06 15:18:10
My application accesses the HSM via an ASP.NET web service through PKCS#11. I initialise the cryptoki library and obtain a session handle. The web service holds on to this handle to perform encryption/decryption/signing/verifying in a batch mode. The problem I am facing is that the ASP.NET web service times out after 20 minutes. This act, I think, unloads the cryptoki library and the session handle held by the web service becomes invalid. Yes, I agree that the ASP.NET web service can be reconfigured not to time out, which will keep the cryptoki library always loaded. My question is: What happens to the

SSL with private key on an HSM

╄→尐↘猪︶ㄣ submitted on 2019-12-06 10:43:08
Question: I have a client-server architecture in my application that uses SSL. Currently, the private key is stored in CAPI's key store location. For security reasons, I'd like to store the key in a safer place, ideally a hardware signing module (HSM) that is built for this purpose. Unfortunately, with the private key stored on such a device, I can't figure out how to use it in my application. On the server, I am simply using the SslStream class and the AuthenticateAsServer(...) call. This method takes

Pkcs11Interop read key value from HSM

↘锁芯ラ submitted on 2019-12-06 09:40:02
I'm trying to use Pkcs11Interop to extract the value of the key from the HSM. I know, the key has to stay in the HSM, but I need it, so... I already do it with NCryptoki and I'd like to do it also with Pkcs11Interop. I tried this code:

    // Prepare attribute template that defines search criteria
    List<ObjectAttribute> objectAttributes = new List<ObjectAttribute>();
    objectAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_SECRET_KEY));
    objectAttributes.Add(new ObjectAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_DES));
    objectAttributes.Add(new ObjectAttribute(CKA.CKA_LABEL, "MY_KEY"));
    // Find all

Keys created from one HSM client are not available for use in another client

試著忘記壹切 submitted on 2019-12-06 07:25:45
I am building a solution to store keys and encrypt\decrypt data using an HSM. I am using a network HSM manufactured by Thales. The thing I have noticed is that a key generated in client machine 1 is inaccessible in client machine 2. The key can only be used to encrypt\decrypt data in client machine 1. Is there anything that needs to be changed in my implementation or is there something to be changed in net-HSM configuration to enable this? I am using PKCS11Interop library for all the key management operations. I am using token based OCS protection.

I suppose your client machine 1 has a new

Create a PKCS#7 signed message in c# with a precomputed signature

我们两清 submitted on 2019-12-06 05:26:45
I'm trying to create a PKCS#7 signed message in C#. The digital signature is being computed separately in an HSM so I already have the value of the signature, I just want to create a PKCS#7 structure that contains it. I've looked into using the SignedCms in the System.Security.Cryptography.Pkcs namespace but this doesn't seem to have an option for providing a precomputed signature. What is the best way to generate a PKCS#7 structure in C# when I already have the value of the digital signature?

AFAIK you cannot do that with "built-in" .NET classes. However I have created an example application