pkcs#11

PyKCS11 unhashable list

心不动则不痛 提交于 2019-12-01 14:40:07
A python script of mine is designed to get detailed information of slots/tokens in a particular .so library. The output looks like this: Library manufacturerID: Safenet, Inc. Available Slots: 4 Slot no: 0 slotDescription: ProtectServer K5E:00045 manufacturerID: SafeNet Inc. TokenInfo label: CKM manufacturerID: SafeNet Inc. model: K5E:PL25 Opened session 0x00000002 Found 38 objects: [5021, 5022, 5014, 5016, 4, 5, 6, 7, 8, 9, 16, 18, 23, 24, 26, 27, 29, 30, 32, 33, 35, 36, 38, 39, 5313, 5314, 4982, 5325, 5326, 5328, 5329, 5331, 5332, 5335, 5018, 4962, 5020, 4963] I am able to open the session

PyKCS11 unhashable list

纵然是瞬间 提交于 2019-12-01 12:28:22
问题 A python script of mine is designed to get detailed information of slots/tokens in a particular .so library. The output looks like this: Library manufacturerID: Safenet, Inc. Available Slots: 4 Slot no: 0 slotDescription: ProtectServer K5E:00045 manufacturerID: SafeNet Inc. TokenInfo label: CKM manufacturerID: SafeNet Inc. model: K5E:PL25 Opened session 0x00000002 Found 38 objects: [5021, 5022, 5014, 5016, 4, 5, 6, 7, 8, 9, 16, 18, 23, 24, 26, 27, 29, 30, 32, 33, 35, 36, 38, 39, 5313, 5314,

PKCS#11 unwrap private key to HSM

大憨熊 提交于 2019-12-01 11:16:50
问题 I've learned that I cannot simply transfer a private key to my HSM via PKCS#11, I need to wrap it first and then unwrap it on the HSM. So I temporarily create a DES3 key on our HSM, then I'd like to wrap (encrypt) my RSA private key with it, then I want to unwrap it on the HSM. My code looks like this: // Create temporary DES3 key for wrapping/unwrapping var tempKeyAttributes = new List<ObjectAttribute>(); tempKeyAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_SECRET_KEY));

Accessing Hardware PKCS11 Token on a 64 Bit Machine

烈酒焚心 提交于 2019-12-01 04:12:58
So here's what I'm trying to do. I have a hardware token with some certs on it and I'm writing a Java application to try and access those certs. I have used the SunPKCS11 library in jre6 for a windows 32 bit machine. This is a small sample of how I access the certs: String configName = "pkcs.cnf" String PIN = "123456"; Provider p = new sun.security.pkcs11.SunPKCS11(configName); Security.addProvider(p); KeyStore keyStore = KeyStore.getInstance("PKCS11"); char[] pin = PIN.toCharArray(); keyStore.load(null, pin); It works great, I'm able to get the certs and everything. Now I'm trying to do the

Accessing Hardware PKCS11 Token on a 64 Bit Machine

你。 提交于 2019-12-01 01:31:15
问题 So here's what I'm trying to do. I have a hardware token with some certs on it and I'm writing a Java application to try and access those certs. I have used the SunPKCS11 library in jre6 for a windows 32 bit machine. This is a small sample of how I access the certs: String configName = "pkcs.cnf" String PIN = "123456"; Provider p = new sun.security.pkcs11.SunPKCS11(configName); Security.addProvider(p); KeyStore keyStore = KeyStore.getInstance("PKCS11"); char[] pin = PIN.toCharArray();

Access restriction on sun.security.pkcs11.SunPKCS11

☆樱花仙子☆ 提交于 2019-11-30 16:38:30
问题 I'm trying to setup a PKCS11 provider for accessing a smartcard. I installed a PKCS11 library on my system and followed the instructions in the Java PKCS#11 Reference Guide. In the reference they simply create an instance of sun.security.pkcs11.SunPKCS11 and pass the name of the configuration file to the constructor. When I try to compile the following code Provider p = new sun.security.pkcs11.SunPKCS11("pkcs11.cfg"); Security.addProvider(p); I get the following error. Access restriction: The

Connecting to SoftHSM java

半城伤御伤魂 提交于 2019-11-30 09:35:14
Code: String pkcs11cfg = "pkcs11.cfg"; Provider p = new SunPKCS11(pkcs11cfg); Security.addProvider(p); KeyStore ks = KeyStore.getInstance("PKCS11", p); ks.load(null, pin); System.out.println(ks.size()); // prints 0 cfg: name = pkcs11Test library = /usr/local/lib/libsofthsm.so slot = 1 The problem is that I have some key pairs, I added them with pkcs11-tool. The version of softhsm is 1.2.1 Why there aren't any aliases in the KeyStore? How to fix this? We will release SoftHSM 1.3.0 soon. It has support for certificates and is tested with Java. SoftHSM.java: import java.io.*; import java.math.*;

PKCS11 deriveKey() and encrypt() returning different results for 3DES

孤人 提交于 2019-11-29 04:06:59
问题 I am working on a key derivation problem using an HSM and PKCS11 and currently I can't understand why I see completely different results depending on whether I use the deriveKey() method as opposed to using the encrypt() method. In both cases I'm attempting to use DESede/ECB/NoPadding algorithm for the result and yet depending on which method (deriveKey vs. encrypt) I use to generate the result, I see different outcomes. Stepping back for a moment to give a high level overview... I am using a

Bad Padding Exception - RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING in pkcs11

霸气de小男生 提交于 2019-11-29 02:45:11
My application is accessing e-Token for decrypting the response coming from the server The session key from the server is encrypted using :- RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING I am using SunPKCS11 Provider for implementing the access to crypto token. Whenever i try to decrypt this using the above mechanishm i.e. with RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING i am getting :- **javax.crypto.BadPaddingException: doFinal() failed at sun.security.pkcs11.P11RSACipher.implDoFinal(P11RSACipher.java:328) at sun.security.pkcs11.P11RSACipher.engineDoFinal(P11RSACipher.java:353) at javax.crypto.Cipher

Getting certificates from PKCS11 Smartcard without PIN/password

為{幸葍}努か 提交于 2019-11-29 01:36:38
问题 Abstract: when using JCA over PKCS11 over OpenSC, the PIN is requested when extracting certificates. I have got an application that needs to sign using a smartcard. The smartcard is supported by OpenSC, so I am using the Java-built-in pkcs11 wrapper provider to use it. For functional reasons, I need to obtain the certificates in the card without a PIN requested. If the user finally signs, then, of course, the PIN is needed. I see I can do it from command line without providing a PIN: pkcs11
订阅 pkcs#11