pkcs#11

PKCS11 command flow

*爱你&永不变心* submitted on 2019-12-10 10:47:37
Question: I'm trying to access a PKCS11 cryptographic token (smart card). I was previously using a smart card that had its own proprietary API for card access, so I'm trying to understand how I can map this out to a PKCS11 token. In my previous smart card, I had to connect to the device, then issue API calls for various functions such as Verify PIN, Get card info, Select File, Read File, Write File, perform cryptographic functions (RNG, symmetric/asymmetric encryption, etc), and finally, I would

How to verify signed data with PyKCS11 Library

被刻印的时光 ゝ submitted on 2019-12-09 22:37:53
Question: I wrote a simple Python script which makes a digital signature using my smart card (Rutoken ECP SC), PKCS#11 library (implemented by my vendor) and PyKCS11 wrapper for Python. I already generated the private/public key pair using this card and created a signature using pkcs11 but I don't know how to verify this signed data. The problem is that my pkcs11 library (implemented in C++) has verification methods but the PyKCS11 wrapper doesn't. And now I don't know how to solve this problem. I will be

How to interface with PKCS#11 compliant HSM device in PHP

空扰寡人 submitted on 2019-12-09 12:04:37
Question: How can I use key material from a PKCS#11 compliant HSM (for example a SafeNet iKey 2032 [USB] or an Aladdin eToken PRO [USB]) in a PHP application running on a Linux server?
Answer 1: I have not seen, and a cursory search has not found, a PKCS#11 glue library for PHP. Probably not the answer you're looking for. (: If you have better search fu than I, do update this thread. I think your best bet would be to write a C program that calls PKCS#11 and accesses the HSM, and call that from your PHP app as

HSM - cryptoki - Sessions - Timeout

风流意气都作罢 submitted on 2019-12-08 08:52:29
Question: My application accesses the HSM via an ASP.NET web service through PKCS#11. I initialise the cryptoki library and obtain a session handle. The web service holds on to this handle to perform encryption/decryption/signing/verifying in a batch mode. The problem I am facing is that the ASP.NET web service times out after 20 minutes. This, I think, unloads the cryptoki library, and the session handle held by the web service becomes invalid. Yes, I agree that the ASP.NET web service can be reconfigured not

Getting Java IAIK PKCS11 wrapper to work for nfast

橙三吉。 submitted on 2019-12-08 05:06:26
Question: I am trying to get IAIK PKCS11 wrapper to work with nfast. It is always expecting pkcs11wrapper library file and throws an error - java.lang.UnsatisfiedLinkError: pkcs11wrapper (Not found in java.library.path) How do I get it to use the library file ( /opt/nfast/toolkits/pkcs11/libcknfast.so ) provided by the HSM? Any help is greatly appreciated and forgotten about!
Answer 1: You need to configure the path to the IAIK pkcs11wrapper, either on the LD_LIBRARY_PATH, java.library.path (-Djava.library

Is it possible to connect with an HSM without PIN using PKCS11INTEROP library?

家住魔仙堡 submitted on 2019-12-08 04:10:54
Question: We are using PKCS11INTEROP library to connect with the NShield HSM. To perform any operation (generate/encrypt/decrypt) inside the HSM you need to first get the slot and then login to the slot using the PIN. This is all working as expected. NShield HSM allows your keys to be protected in two ways: Module Protection and Token Protection. The NShield client software provides you a utility KSAFE to manage keys in the HSM. If you are using KSAFE utility and you want to protect your keys by module

How to use private key on a PKCS#11 module instead of private key file for mutual-authentication in OpenSSL?

99封情书 submitted on 2019-12-08 03:24:08
Question: I've a simple SSL client that uses OpenSSL library. My server requires client authentication & so I've to set client's private key stored in a password protected PEM file. I use the following code for this purpose: /* set the private key from KeyFile */ if (SSL_CTX_use_PrivateKey_file(ctx, KeyFile, SSL_FILETYPE_PEM) <= 0) { ERR_print_errors_fp(stderr); abort(); } /* verify private key */ if ( !SSL_CTX_check_private_key(ctx) ) { fprintf(stderr, "Private key does not match the public

How to use private key on a PKCS#11 module instead of private key file for mutual-authentication in OpenSSL?

僤鯓⒐⒋嵵緔 submitted on 2019-12-07 23:16:29
I've a simple SSL client that uses OpenSSL library. My server requires client authentication & so I've to set client's private key stored in a password protected PEM file. I use the following code for this purpose: /* set the private key from KeyFile */ if (SSL_CTX_use_PrivateKey_file(ctx, KeyFile, SSL_FILETYPE_PEM) <= 0) { ERR_print_errors_fp(stderr); abort(); } /* verify private key */ if ( !SSL_CTX_check_private_key(ctx) ) { fprintf(stderr, "Private key does not match the public certificate\n"); abort(); } Now I want to know how can I establish an SSL connection using private key stored on a

Threadsafe usage of PKCS11Interop library in C# [closed]

…衆ロ難τιáo~ submitted on 2019-12-07 19:53:19
Question: I am using PKCS11Interop to perform Key Management operations inside an HSM. The HSM I am using is Thales PCI Express. Below is the class that wraps all operations being performed in HSM: public sealed class KeyStoreOperations { private KeyStoreContext m_keyStoreContext; private static Pkcs11 m_Pkcs11; private

64 bit alternative to SunPkcs11 implementation [closed]

試著忘記壹切 submitted on 2019-12-07 12:07:03
Question: We use a middle-ware to build software applications which is installed over JDK 1.6.30 64 bit setup. We recently got a requirement to sign certain requests using a USB token. I googled around and found out that an implementation is provided by Sun in the name of SunPKCS11. But, the same is only available in 32 bit