key-management

HSM and custom module

我是研究僧i 提交于 2021-02-20 05:26:09
问题 We are implementing safety-critical system, where the FIPS 140-2 compliant HSM (hardware security module) is required to generate and store key material, perform encryption/decryption and run custom code with the following requirements set for the custom module: Module is available over RPC Module has access to all HSM keys and services Module has in-memory and persistent storage (1+ MB both) Module memory is secured (FIPS 140-2 level 3+) As for the HSM services itself, it is required to:

Store symmetric keys in Java Card

独自空忆成欢 提交于 2019-12-23 01:24:22
问题 I am working on an applet which has to share some keys of type AESKey with different terminals. The thing is I don't know in advance how many terminals it will have to handle. As there is no structure like HashTable in Java Card, it's getting complicated. I can still fix an upper bound and instanciate as much objects AESKey but I would like to search for another way to do. I thought I could do something with byte arrays, but is it a bad practice to store keys in byte[] ? I think the answer is

May .pfx file contain more than one private key?

这一生的挚爱 提交于 2019-12-12 22:23:15
问题 This question was migrated from Information Security Stack Exchange because it can be answered on Stack Overflow. Migrated 4 years ago . I am trying to understand whether .pfx file may contain multiple private keys or not. In case there are several sets of certificates and their private keys how they can be found in KeyStore? By using aliases, right? Sorry for this weird question but I would be happy if someone could help me clarify this question. Thanks a lot. 回答1: So the answer is yes it

How to make PKCS12 (PKCS#12) contain more than one private key in .p12 container?

耗尽温柔 提交于 2019-12-10 18:58:05
问题 I used Openssl to create a PKCS12 .p12 container storing a private key, server certificate and a CACertificate (Self signed) and I was able to export/parse the same successfully. But I want to know how I can add more than one Private key to the same container . For example - I have 2 sets of server certificate and 2 private keys that I need add to the single .p12 container. From that .p12 container I want to parse and extract both private keys separately along with 2 server certificates. In

data encryption and key management in c#

安稳与你 提交于 2019-12-10 01:28:47
问题 Which route to take, whats the pros and cons, which is more secure.. 1) Generate AES key, encrypt the data with it and then encrypt the AES key with RSA, save the encrypted data and encrypted AES key to a file and RSA keypair to a KeyContainer. 2) Or use DPAPI ProtectedData class to encrypt the data and save it to a file and then store the entropy what i used with ProtectedData.Protect() to somewhere.. (maybe allso encrypt it with the RSA, store the RSA keypair to KeyContainer and the

Store symmetric keys in Java Card

ⅰ亾dé卋堺 提交于 2019-12-07 06:10:30
I am working on an applet which has to share some keys of type AESKey with different terminals. The thing is I don't know in advance how many terminals it will have to handle. As there is no structure like HashTable in Java Card, it's getting complicated. I can still fix an upper bound and instanciate as much objects AESKey but I would like to search for another way to do. I thought I could do something with byte arrays, but is it a bad practice to store keys in byte[] ? I think the answer is yes and it is only recommanded to store it in transient arrays to make computations. Otherwise, I don

How to extract private keys from an ssh-agent?

不羁岁月 提交于 2019-12-05 12:24:04
问题 ssh-add -l displays that I have 3 RSA keys added to my SSH agent. ssh-add -L displays those public keys. How do I get the private keys as well, so that I can save them to a file? Or is it by design that this is impossible? How does it work then? Can ssh-agent be asked to do operations using the private key? How can I ask it to encrypt/decrypt a number for me? It's OK that I have to write code for this (the programming language doesn't matter), but I'd prefer using an existing tool or a

How to extract private keys from an ssh-agent?

家住魔仙堡 提交于 2019-12-03 23:37:11
ssh-add -l displays that I have 3 RSA keys added to my SSH agent. ssh-add -L displays those public keys. How do I get the private keys as well, so that I can save them to a file? Or is it by design that this is impossible? How does it work then? Can ssh-agent be asked to do operations using the private key? How can I ask it to encrypt/decrypt a number for me? It's OK that I have to write code for this (the programming language doesn't matter), but I'd prefer using an existing tool or a library. It's not possible to get the private key or to perform encryption using the protocol between ssh and

programmatically import .cer certificate into keystore

耗尽温柔 提交于 2019-11-30 12:55:36
问题 How can I import a .p12 certificate from the classpath into the java keystore? First I used the InstallCert https://code.google.com/p/java-use-examples/source/browse/trunk/src/com/aw/ad/util/InstallCert.java and did some changes so the server certificate will be imported into the keystore in the java install directory. This works fine but now I want to load a certificate from my classpath. EDIT: I just use a .cer certificate, see next answer 回答1: The answer: InputStream certIn = ClassLoader

Where can I learn about proven methods for sharing cryptographic keys?

一个人想着一个人 提交于 2019-11-30 12:54:56
Suppose that a group wants to encrypt some information, then share the encryption key among the group members in a way that requires the consensus of the group to decrypt the information. I'm interested in a variety of scenarios where the breadth of consensus ranges from unanimity to an absolute majority. A useful technique can apply to symmetric keys, private keys, or both. I could take a crack at rolling my own method, as I'm sure many SO members could. But for the purposes of this question, I am interested only in methods that have been widely published and have withstood scrutiny by expert