pkcs#11

I am trying to get IAIK PKCS11 wrapper to work with nfast. It is always expecting pkcs11wrapper library file and throws an error - java.lang.UnsatisfiedLinkError: pkcs11wrapper (Not found in java.library.path) How do I get it to use the library file ( /opt/nfast/toolkits/pkcs11/libcknfast.so ) provided by the HSM? Any help is greatly appreciated and forgotten about! You need to configure the path to the IAIK pkcs11wrapper, either on the LD_LIBRARY_PATH, java.library.path (-Djava.library.path=java.library.path:/path/to/pkcs11wrapper) or via the iaik properties file using PKCS11_WRAPPER_PATH

We are using PKCS11INTEROP library to connect with the NShield HSM. To perform any operation(generate/encrypt/decrypt) inside the HSM you need to first get the slot and then login to the slot using the PIN. This is all working as expected. NShield HSM allows your keys to be protected in two ways Module Protection and Token Protection. The NShield client software provides you a utility KSAFE to manage keys in the HSM. If you are using KSAFE utility and you want to protect your keys by module protection then you do not have to provide a PIN whereas PIN becomes mandatory if the key is to

My application access the HSM via a ASP.NET web service through PKCS#11. I initialise the cryptoki library and obtain a session handle. Web-service hold on to this handle to perform encryption/decryption/signing/verifying in a batch mode. The problem i am facing is The ASP.NET web service time-outs' after 20 minutes. This act- i think, unloads the cryptoki library and the session handle held by the web-service becomes invalid. Yes, i agree that the ASP.NET web-service can be reconfigured not to time-out, which will keep the cryptoki library always loaded. My question is What happens to the

Good day! I'm trying to create public key ObjectHandle based on hex string that comes from client via post request. I'm doing it according to the documentation, but it returns me CKR_ATTRIBUTE_TYPE_INVALID exeption. Full exeption message: Net.Pkcs11Interop.Common.Pkcs11Exception: 'Method C_CreateObject returned CKR_ATTRIBUTE_VALUE_INVALID' Inner exeption is null Can you please help me to figure out what i'm doing wrong? Here is my code: using (Pkcs11 pkcs11 = new Pkcs11(Settings.RutokenEcpDllDefaultPath, AppType.MultiThreaded)) { Slot slot = GetSlot(pkcs11); // This public key comes from

I am building a solution to store keys and encrypt\decrypt data using an HSM. I am using a network HSM manufactured by Thales. The thing I have noticed is that a key generated in client machine 1 is inaccessible in client machine 2. The key can only be used to encrypt\decrypt data in client machine 1. Is there any thing that needs to be changed in my implementation or is there something to be changed in net-HSM configuration to enable this. I am using PKCS11Iterop library for all the key management operations. I am using token based OCS protection. I suppose your client machine 1 has a new

I'm trying to sign a string with different certs from MS-KeyStore. But, I know there are imported keys from a token in MS-Keystore. So, my problem is - if I go through the Keystore and try to sign with a cert which has a reference to pkcs11 I get a pop up to enter the pkcs11 password. How can I check if the cert is from my token? Thanks in advance!!! This is my code for now: String alias; byte[] data = "test".getBytes(); char[] pin = "pass".toCharArray(); try { KeyStore ks = KeyStore.getInstance("Windows-MY"); ks.load(null, pin); System.out.println("Provider: "+ks.getProvider()); System.out

I bought a NitroKey HSM and manged to create an EC on it. Now I want to derive a shared secret. I found Pkcs11Interop , which seems to be the right tool for the job, but the handling is unclear. A code snipplet or link to a working project would be very appreciated. You can take a look at Pkcs11Admin application for a real world sample using Pkcs11Interop library. As far as I remember NitroKey HSM should be used with OpenSC middleware so your unmanaged library implementing PKCS#11 API will be opensc-pkcs11.dll . I believe these resources might be helpful for you: Getting started with