Questions tagged [hsm]

An abbreviation for Hardware Security Module, a security device that is compliant with the PKCS11 standard and provides secure storage for data, especially private keys.

144 questions
2
votes
1 answer

Which KEK can wrap AES, RSA and ECDSA keys securely?

If I have AES256, RSA4K and ECDSA-512 keys as CEKs, which I need to securely store, what KEK can I use to securely wrap these without reducing the bit strength? I am aware that an AES256 key can wrap RSA4K without reducing the bit-strength (RFC…
mithya
2
votes
1 answer

HSM best practice for access

I've been building a product using AWS CloudHSM and things are working well in the POC. Now I want to move to production, I've realised that there will be a need to authenticate with the HSM in order to have it sign messages with private keys it…
Woodstock
2
votes
1 answer

HSM (Hardware Security Module)

I am implementing a security solution and I would like some recommendations on existing HSM software. If anyone has done a comparison on the existing HSM software and can recommend good and supported ones? I have seen virtual HSM:…
user181612
2
votes
2 answers

Why is an HSM required to protect CA certificates (rather than a regular USB token)?

Typical USB tokens (Nitrokey, YubiKey...) allow an everyday user to store PGP keys and use them to encrypt email, hard drives and so on. The same vendors also offer distinct products called HSMs (Nitrokey HSM, YubiHSM). The suggested use case is…
lofidevops
2
votes
1 answer

Securing an HSM on the network

I've never had to place an HSM on a network before so I want to ask this question to get a consensus on best practice for this. The HSM will reside on an internal network which will look like this; internet <-> boundary firewall <-> DMZ <-> inside…
gkw1975
2
votes
1 answer

Offloading hashing and symmetric encryption to HSM

When using a (PKCS#11) based HSM (for S/MIME or PGP) the public key operations for signing or decryption are done by the HSM so that the key never has to leave the protected environment. The bulk part of those operations (for signing this is the…
eckes
2
votes
1 answer

What does the private key look like for an HSM based certificate?

Can someone explain what makes up the anatomy of a certificate’s private key when the key itself is stored on an HSM? I’m using nShield in this example but I’m assuming the principles are the same for any HSM that creates certificates with HSM…
2
votes
2 answers

Synchronous and Asynchronous physical security tokens: which is stronger? pros/cons?

I'm thinking about the differences between physical authentication tokens such as RSA's synchronous physical tokens or asynchronous challenge/response, like Google's gmail direct-to-phone codes. At the highest level of abstraction, are there reasons…
logicalscope
1
vote
1 answer

Simulation of cloud based digital signature with Hardware Security Module (HSM)

I am working on a cloud-based digital signature with a Hardware Security Module (HSM). I know that PKCS#11 AND Microsoft CryptoAPI implementation is required. I want to simulate the total process. For this, is Thales Simulator best for HSM? How can…
Taif
1
vote
0 answers

Through the signing process with HSM Luna, what device performs the signing?

I've successfully configured and tested character String signing using Java and HSM Luna SA through PKCS11. My question is: in which processor are cryptographic operations performed? In which way could HSM Luna speed up massive signing?
eluish192
1
vote
1 answer

Server-based PDF Signing using HSM

I have some questions about server-side PDF signing using a network-attached hardware security module. My first question is: what is a PDF Signing Certificate? Certificates are public keys; how can a certificate be used for signing? From…
1
vote
1 answer

Luna HSM key cache

I'm working with a Luna SA HSM through PKCS11 and I have the following scenario: I have created a master key pair for key wrapping and I want to bring a key wrapped with the master public key into the HSM. So, I search for the master private key and…
tghanim
1
vote
0 answers

Securely import an RSA private key through PKCS#11

I have a cryptographic device that supports the following mechanisms: How could I securely import an RSA private key into it? Because there is no support for wrap/unwrap using a symmetric key, is there any other way? Could CKM_RSA_PKCS be used or…
user1563721
1
vote
1 answer

Root certificate from a CA company which can be encrypted by SoftHSM

Does anybody know a CA company which allows me to put the bought CA certificate inside SoftHSM (the same as an HSM but without any hardware, it is pure software)? Is it hard to work with the PKCS11 interface? I have a Java application which will…
RobinHo
1
vote
0 answers

Decrypt "key" that is encrypted with LMK or TMK

New to HSM (Thales payshield 9000), I'm working on the DUKPT algorithm. I managed to derive the IPEK (encrypted either under LMK or TMK), but I need to inject a plain text IPEK into an end point device. I don't think my end point device can support…
Leslie Lip