pkcs#11

HSM and custom module

我是研究僧i submitted on 2021-02-20 05:26:09
Question: We are implementing a safety-critical system, where a FIPS 140-2 compliant HSM (hardware security module) is required to generate and store key material, perform encryption/decryption and run custom code, with the following requirements set for the custom module:

- Module is available over RPC
- Module has access to all HSM keys and services
- Module has in-memory and persistent storage (1+ MB both)
- Module memory is secured (FIPS 140-2 level 3+)

As for the HSM services itself, it is required to:

CURLINFO_SSL_ENGINES don't list openssl engine

和自甴很熟 submitted on 2021-02-07 10:43:38
Question: I try to use engine pkcs11 with curl. Firstly, I add my engine pkcs11 to openssl.

    int initEngine() {
        ENGINE_load_builtin_engines();
        ENGINE *e;
        display_engine_list();
        e = ENGINE_by_id("dynamic");
        if(!e) { return -1; }
        if(!ENGINE_ctrl_cmd_string(e, "SO_PATH", ENGINE_SO_PATH, 0)) { return -2; }
        if(!ENGINE_ctrl_cmd_string(e, "ID", "pkcs11", 0)) { return -3; }
        if(!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "1", 0)) { return -4; }
        if(!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 1)) { return -5; }
        if(!ENGINE

java.io.IOException: %1 is not a valid Win32 application

梦想与她 submitted on 2021-01-29 03:37:07
Question: I'm trying to digitally sign XML documents. For that I have 2 options. There's a library for programmers created by the Estonian Certifying Centre, and there is a script that runs Java code, made by a bank. If using the official (Certifying Centre) library then everything works like a charm with a little bit of tweaking, but when it comes to the bank script then it goes berserk, resulting in errors: java.io.IOException: %1 is not a valid Win32 application. esteid-pkcs11 at iaik.pkcs.pkcs11

Copying a certificate from a smart card to computer

五迷三道 submitted on 2021-01-28 00:26:51
Question: Is it possible to copy a certificate from a smart card to the computer and use it to log in to a certain site? On Mac, those certificates appear in Keychain and they can be saved to disk, but I'm not sure how to force a site to prompt a dialog screen to choose the certificate. When the smart card is connected, the prompt somehow appears and asks to choose a certificate.

Answer 1: The smartcard contains a key pair composed of a private key and a public key wrapped into an X509 certificate. It is

How to change token label without re-initializing it?

可紊 submitted on 2021-01-27 21:06:37
Question: I'm aware of initToken(char[] pin, java.lang.String label) from the IAIK docs. But the function will reset the token and any data in the token would be lost. I just want to change the token label without losing the token's content. Is there any way to do it?

Answer 1: There is no standard function in PKCS#11 to change the token label. Thus, it seems that the only way to change the label is re-initialization using C_initToken.

Source: https://stackoverflow.com/questions/60556467/how-to-change-token-label

PyKCS11 get token certificates

浪子不回头ぞ submitted on 2021-01-01 03:59:54
Question: I am using the PyKCS11 library to read the certificates from a token device. This is the code I am using right now; the problem is that the attributes are binary.

    pkcs11 = PyKCS11Lib()
    pkcs11.load("C:\Windows\System32\eTPKCS11.dll")
    slot = pkcs11.getSlotList()[2]
    session = pkcs11.openSession(slot, PyKCS11.CKF_SERIAL_SESSION)
    objects = session.findObjects([(PyKCS11.CKA_CLASS, PyKCS11.CKO_CERTIFICATE)])
    all_attributes = [PyKCS11.CKA_SUBJECT, PyKCS11.CKA_VALUE, PyKCS11.CKA_ISSUER, PyKCS11.CKA

java SunPKCS11 multiple etokens(smartcards) same time , provider not found error

只愿长相守 submitted on 2020-01-24 20:12:25
Question: I am using an SSL connection with X509 certificates provided from smartcards. I have 2 identical tokens from athena. I initialise the keystores after I am reading the certificates, but when I am trying to do the actual connection for the second token I am getting no provider found for my private key. Connecting using the first token is not affected; it works. I tried adding a different SunPKCS11 provider by specifying the slotIndexList to 1, the number for the second token given by "slots =