pkcs#11

问题 I've a PKCS-11 supported smartcard? I just want to check that my the smartcard is working fine or not. How can check it on Ubuntu? Please guide me. what software I can use? how what steps should I follow? 回答1: It is important to understand that PKCS#11 standard just defines the C language API to access smartcards and other types of cryptographic hardware (or even software). It is usually hardware vendor who provides software library (.dll for windows, .so for unix etc.) that implements PKCS

问题 I am making an application, in C#4, that has to sign a XML file. I'd no great problems, until I bumped into this: accessing a smart-card/token to get its certificates and private keys. Nothing really out of the box, just get the certificate and key, based in a password. Does anyone know how to do it without any paid framework? 回答1: The Microsoft Crypto API's support the ability to interact with hardware devices out of the box. This will require that your card have a driver provided by the

问题 We are using luna SDK to develop algorithms to perform cryptographic operations using HSM. In doing so, we installed Luna client software in our application. The problem is I am not able to find the logs generated by the client software. After my search, I found cklog.txt contains the logs but I can't find this file on the client installation. 回答1: Normally, you can find cklog.txt in your luna client installation folder. eg : C:\Program Files\SafeNet\LunaClient\cklog.txt If you don't find,

问题 I'm trying to sign a string with different certs from MS-KeyStore. But, I know there are imported keys from a token in MS-Keystore. So, my problem is - if I go through the Keystore and try to sign with a cert which has a reference to pkcs11 I get a pop up to enter the pkcs11 password. How can I check if the cert is from my token? Thanks in advance!!! This is my code for now: String alias; byte[] data = "test".getBytes(); char[] pin = "pass".toCharArray(); try { KeyStore ks = KeyStore

问题 I have generated a RSA public-private keypair in HSM using PKCS11Interop generate key API. I want to export the keypair. I used Findobject API to get the keys, the API returs an ObjectHandle , while reading attributes using GetAttributeValue API , I am not able to read the key's value. And when I set the key's attribute to CKA_EXTRACTABLE to true, I am not able to generate the key altogether. Also I need to import externally provided keypair in HSM. Any help is highly appreciated. 回答1: What

问题 Hei, The question is not really about Ncryptoki but i didnt know anywhere else to ask.. so if anybody can help please help me. Im tryng to generate AES key and heres the code what i have right now: CK_MECHANISM keyGenMech = new CK_MECHANISM(CKM.AES_KEY_GEN); CK_ATTRIBUTE[] template = { new CK_ATTRIBUTE(CKA.CLASS, CKO.SECRET_KEY), new CK_ATTRIBUTE(CKA.TOKEN, CK_BBOOL.TRUE), new CK_ATTRIBUTE(CKA.SENSITIVE, CK_BBOOL.TRUE), new CK_ATTRIBUTE(CKA.VALUE_LEN, 32), new CK_ATTRIBUTE(CKA.KEY_TYPE, CKK

问题 Hello I'm trying to access the keystore from my smartcard in Java. And I'm using the following code.. I'm using the Pkcs11 implementation of OpenSc http://www.opensc-project.org/opensc File windows.cnf = name=dnie library=C:\WINDOWS\system32\opensc-pkcs11.dll Java Code = String configName = "windows.cnf" String PIN = "####"; Provider p = new sun.security.pkcs11.SunPKCS11(configName); Security.addProvider(p); KeyStore keyStore = KeyStore.getInstance("PKCS11", "SunPKCS11-dnie"); =)(= char[] pin

问题 The reason that this question was born is that I am totally lost, so please forgive the trivial and senseless parts. I have an Android app, a web-service, a MicroSD smart card (mobile security card). I need to know how can I use the card with ssl to securely communicate with the web-service. Rebuilding and flashing the OS is not an option. What I know: The API used to communicate with the MSC How to write/deploy applets to the MSC How to call a web-service What I don't know: SSL Too much

问题 I have a SSL server in python to which I defined the following SSLContext: context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) context.verify_mode = ssl.CERT_REQUIRED context.load_verify_locations(CACERTFILE) context.load_cert_chain(CERTFILE,KEYFILE) CERTFILE and KEYFILE contain a path to the server's certificate and private key. But you always have to provide a path to load_cert_chain(). I don't want to retrieve the private key from a file, but from a PKCS#11 wrapper like PyKCS11 or M2Crypto. How

问题 I have to implement a Python based web server on a Linux based firmware for an embedded system component: class WebServer(http.server.HTTPServer) ... ... To enable ssl connections a ssl context is created within the server by self.ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2) self.ssl_context.load_cert_chain(certfile=cert, keyfile=key) self.ssl_context.verify_mode = ssl.CERT_REQUIRED self.ssl_context.load_verify_locations(verifyCert) Note: cert is a file path to the certificate, keyfile