-1

Is there a way to list all keys inside the Utimaco HSM, created by PKCS11 interface and cngtool? currently, I only can view each of them separately:

PKCS11: using "PKCS#11 CryptoServer Administration" interface.

CNG keys using the command: cngtool ListKeys

mshwf
  • 147
  • 6

1 Answers1

0

This is not a general PKCS#11 question, but it relates to a specific vendor and how this vendor implemented different APIs. Therefore, primary contact point would be their support.

In this case, PKCS#11 and CNG use the vendor's proprietary API CXI and, therefore, all keys can be listed using cxitool (given that you have a user with the proper rights).

dannyM
  • 41
  • 3
  • I forgot to mention the vendor, edited the question – mshwf Sep 04 '20 at 07:42
  • I know :) The product name was unambiguous. However, I've edited my answer. – dannyM Sep 04 '20 at 07:47
  • I tried the `cxitool` yesterday, it somehow works, it lists all user's keys regardless of the key origin. – mshwf Sep 04 '20 at 08:24
  • But sounds like there are restrictions to list ALL keys inside the HSM – mshwf Sep 04 '20 at 08:26
  • Access to keys is restricted by the user attribute CXI_GROUP that must match the group of the key. Read e.g. the cxitool manual section "Cryptographic Keys and Key Groups". – dannyM Sep 04 '20 at 08:40
  • "the cxitool manual section"! didn't find any resources, the only thing I could find is an archived file that only has a command, I learned using the tool from it! Can you share the manual with me please? – mshwf Sep 04 '20 at 08:50
  • Download the SecurityServer simulator from Utimaco's homepage. It contains all documentation. – dannyM Sep 04 '20 at 11:15