pkcs#11

Import a private key using PKCS#11

血红的双手。 Submitted on 2019-12-11 16:45:23
Question: We're trying to import an RSA key pair using C# and PKCS#11 into our HSM. Importing the private key using: var privateKeyAttributes = new List<ObjectAttribute>(); privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_ID, ckaId)); privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_LABEL, ckaId)); privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY)); privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_RSA)); privateKeyAttributes.Add(new

Java : PKCS11 SafeNet eToken 5110 : Slow; and How to code for EBICS signature mechanism A006?

岁酱吖の Submitted on 2019-12-11 15:26:27
Question: Information: There are two signature mechanisms for EBICS, A005 and A006. EBICS specification > 2017-03-29-EBICS V 3.0-FinalVersion.pdf For EBICS A005, we have been using SHA256withRSA signature algorithm. It is working. SafeNet eToken 5110 is used to sign data files. It is based on PKCS11 standard. Its driver/software is called "SafeNet Authentication Client". Problem and questions: SafeNet eToken 5110 is very slow with SHA 256 withRSA algorithm at the code signer.update(data); . No

RSA - Encryption with negative exponent

廉价感情. Submitted on 2019-12-11 13:17:28
Question: Well guys, I am trying to encrypt (actually sign) data using Public and Private exponent and modulus. It is in C#.NET and I can't use RSACryptoServiceProvider because it needs also both prime numbers and other CRT stuff. So I am trying to do the following: private Byte[] signData() { BigInteger biPrivEx = new BigInteger(this.privEx); // Those are byte[] BigInteger biPubEx = new BigInteger(this.pubEx); BigInteger biMod = new BigInteger(this.mod); BigInteger cyph = BigInteger.ModPow(new BigInteger

Is PKCS11 verify function supported in NSS 3.18.1 Public function

╄→гoц情女王★ Submitted on 2019-12-11 10:41:37
Question: I am trying to call PK11_Verify inside a js. let PK11_Verify = null; PK11_Verify = declareFunction("PK11_Verify", nss3, [ SECStatus, SECKEYPublicKey, SECItem.ptr, SECItem.ptr, ctypes.voidptr_t ]); // ... let rv = PK11_Verify(tokenPublicKey, signature.address(), digest.address(), null); I get message errors back as: Couldn't find function PK11_Verify to declare loadLibraries failed: Error: Couldn't find function symbol in Library I have checked the version NSS in the web browser NSS 3.18.1

gRpc with TLS Client Authentication using SunPKCS11 in netty fails

∥☆過路亽.° Submitted on 2019-12-11 06:27:19
Question: I have some Java 8 application, using gRPC for network communication. To secure that, I use TLS with client authentication. Now, I try to switch from software keys to a smart card, holding the private key and certificate (chain) for the client authentication. My code to make netty inside gRPC's use the sun pkcs#11 provider looks as follows: static NettyChannelBuilder getChannel(final String host, final int port, final File trustAnchorsFile) throws Exception{ String configName = "pkcs11.cfg";

Digitally sign a hash value of a file directly instead of file

不想你离开。 Submitted on 2019-12-11 02:12:27
Question: My question is: Is it possible to digitally sign a hash value of a file directly instead of the file? I have to digitally sign an XML file in a web environment through an e-token. So I have to download the file from server to client and then get the certificate from the e-token USB at the client machine and sign the file and upload it to the server. But the problem is, if the size of the file is too huge, then it will take too much time to download at the client side (depending upon internet speed) and some leakage in the security

How to make a TLS request using a smartcard with python?

旧街凉风 Submitted on 2019-12-10 16:48:42
Question: I have tried to use the Python library "requests" to communicate with a website protected by a smartcard. It means a strong authentication in SSL: you must give a client side certificate (cert and private key). As I am using a smartcard, I cannot read the private key (only the modulus); that is a normal protection. I can read the smartcard with the Python library PyKCS11: all certificates, public key and modulus of private key once given the PIN code. How to mix both requests and PyKCS11? How

remove and insert smartcard using sunpkcs#11 and tomcat

做~自己de王妃 Submitted on 2019-12-10 13:46:05
Question: I have a web application running on Tomcat. My application uses a web service which signs (via smartcard) and sends email. The web service itself adds the sunpkcs#11 provider automatically during the first call and before sending email, then can sign in and send emails if smartcard is not removed and inserted. If removed and inserted, in order to send email I must restart the tomcat server or it will give several errors depending on my code: result= api.signAndSend(to, cc, bcc, subject,

How to use Pkcs11Interop with a NitroKey HSM to derive a shared secret with an EC

本秂侑毒 Submitted on 2019-12-10 11:13:37
Question: I bought a NitroKey HSM and managed to create an EC on it. Now I want to derive a shared secret. I found Pkcs11Interop, which seems to be the right tool for the job, but the handling is unclear. A code snippet or link to a working project would be very appreciated. Answer 1: You can take a look at Pkcs11Admin application for a real world sample using Pkcs11Interop library. As far as I remember NitroKey HSM should be used with OpenSC middleware so your unmanaged library implementing PKCS#11 API

Keys created from one HSM client are not available for use in another client

人盡茶涼 Submitted on 2019-12-10 11:07:46
Question: I am building a solution to store keys and encrypt\decrypt data using an HSM. I am using a network HSM manufactured by Thales. The thing I have noticed is that a key generated in client machine 1 is inaccessible in client machine 2. The key can only be used to encrypt\decrypt data in client machine 1. Is there anything that needs to be changed in my implementation or is there something to be changed in net-HSM configuration to enable this? I am using Pkcs11Interop library for all the key