hsm

How can I use key material from a PKCS#11 compliant HSM (for example a SafeNet iKey 2032 [USB] or a Aladdin eToken PRO [USB]) in PHP application running on a Linux server? I have not seen, and a cursory search has not found, a PCKS#11 glue library for PHP. Probably not the answer you're looking for. (: If you have better search fu than I, do update this thread. I think your best bet would be to write a C program that calls PKCS#11 and accesses the HSM, and call that from your PHP app as an external binary. Even if a PKCS#11 wrapper emerges for PHP, this approach will give you the full API

How do i integrate Hardware Security Module encryption with a java application? I'm looking for code samples to connect to HSMs, generate keys(asymmetric, symmetric), encrypt and decrypt data (asymmetric, symmetric) and store keys. Frank In JAVA you can just use JCE/JCA. Ask you provider for the implementation, you will need some jar files, and you're ready. All HSM should support common API interfaces, such as PKCS11, JCE or MSCAPI. For Java integration, they would offers JCE CSP provider as well. Simply configure the provider, and they you can use the Keystore/KeyGenerator as per normal. 来源：

Error received while decrypting data when private key is retrieved from HSM. I have added sunpkcs11 provider in java.security. Hence, NOT adding provider via code. Text gets encrypted successfully. However, while decrypting the encrypted text, I am getting below error at below line: cipher.init(Cipher.DECRYPT_MODE, privateKey); What is that i am missing here? Error: Caused by: java.security.InvalidKeyException: Private key must be instance of RSAPrivate(Crt)Key or have PKCS#8 encoding at sun.security.pkcs11.P11RSAKeyFactory.implTranslatePrivateKey(P11RSAKeyFactory.java:101) [sunpkcs11.jar:1.7

I am trying to wrap my mind around the best way to implement nested state transitions in a single threaded programming language (Actionscript). Say I have a structure like this behavior tree: Now imagine that each leaf node is a destination point on a website, like an image in a gallery, or a comment nested in a post view nested in a page view... And the goal is to be able to run animated transitions from leaf node to leaf node, by animating out the previous tree (from bottom to top), and animating in the current tree (from top to bottom). So, if we were at the bottom-left-most leaf node, and

I have a low volume (<500 PDFs/year) application for automated digital-signing of PDF files using iText in Java on Linux. I've got iText adding a digital signature to PDFs using my SSL certificate. Is this a valid method to prove the PDF was generated by my domain (e.g. server)? Can it be used somehow to get the green checkmarks showing "trust" in Adobe Reader? If not, I should use a certificate intended for PDFs (e.g. not my SSL certificate), so that the little green checkmarks indicating "trust" appear naturally when the user opens the PDF document. The book http://itextpdf.com/book

I have initialized the SunPKCS11 provider by: Provider provider = new sun.security.pkcs11.SunPKCS11("path_to_pkcs11.cfg"); Security.addProvider(provider); And then I'm using this provider to initialize a KeyStore to use a key for cipher operations. KeyStore ks = KeyStore.getInstance("PKCS11", provider); ks.load(null, "password".toCharArray()); Once I'm done with the cipher operations, how should I finalize the session with the PKCS11 token? I have tried removing the Provider, but it didn't work. Security.removeProvider("sunPCKS11ProviderName"); The next time I try to communicate with the Token