Questions tagged [hsm]

Abbreviation for Hardware Security Module: a tamper-resistant hardware device that generates, stores and uses cryptographic keys (especially private keys) inside the device, so that the keys are never exposed to the host that uses them. HSMs are most commonly accessed through the PKCS#11 API, but PKCS#11 support is an interface choice, not what defines an HSM.

144 questions
1
vote
0 answers

Implementing Internal Certificate Authority

We're considering setting up an internal certificate authority to issue SSL certificates. The certificates would primarily be used to secure internal websites, but I could foresee us potentially issuing certificates to secure our VPN infrastructure…
1
vote
1 answer

Using a HSM device for code signature generation

I currently generate code signatures for my open source package by using openssl. The way I do it is: generate an RSA private-public key pair (e.g. openssl genrsa). During packaging, I create a signature by generating a SHA-512 digest for the package…
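The flow the question describes (RSA key pair, SHA-512 digest of the package, signature over that digest), written out as an added example; this is not the questioner's own script, and the file names and package contents are constructed. The private-key operation is isolated in one function, sign_package, because that is the single step that moves onto an HSM:

```shell
#!/bin/sh
# Added example (not from the question): openssl-based package signing.
# File names and the package contents below are constructed for the demo.
set -eu

# sign_package KEYFILE PACKAGE SIGFILE
# Hashes PACKAGE with SHA-512 and signs the digest with the RSA private key.
# `openssl dgst -sign` uses RSASSA-PKCS1-v1_5 by default; add
# `-sigopt rsa_padding_mode:pss` for RSA-PSS. This is the only step that
# needs the private key, i.e. the only step an HSM has to perform.
sign_package() {
    openssl dgst -sha512 -sign "$1" -out "$3" "$2"
}

# verify_package PUBKEYFILE PACKAGE SIGFILE
# Exit status 0 if the signature verifies, non-zero otherwise. This is what
# ships with the package; it only ever needs the public key.
verify_package() {
    openssl dgst -sha512 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

# demo: returns 0 only if a genuine signature verifies AND a tampered
# package is rejected; any other outcome returns 1.
demo() {
    d=$(mktemp -d)
    # In the software setup the key is a file; on an HSM it is generated on
    # the device and never exists on disk.
    openssl genrsa -out "$d/sign.key" 2048 2>/dev/null
    openssl rsa -in "$d/sign.key" -pubout -out "$d/sign.pub" 2>/dev/null

    printf 'constructed package contents\n' > "$d/pkg.tar"
    sign_package "$d/sign.key" "$d/pkg.tar" "$d/pkg.tar.sig"

    # Positive check: the untouched package verifies.
    verify_package "$d/sign.pub" "$d/pkg.tar" "$d/pkg.tar.sig" || return 1

    # Negative check: one appended byte must invalidate the signature.
    printf 'tampered\n' >> "$d/pkg.tar"
    if verify_package "$d/sign.pub" "$d/pkg.tar" "$d/pkg.tar.sig"; then
        return 1
    fi

    rm -rf "$d"
    return 0
}
```

Moving this to an HSM changes only sign_package: the key is generated on the token, and the `-sign sign.key` argument becomes a reference to the token object through OpenSSL's PKCS#11 integration (for example libp11's pkcs11 engine with `-keyform engine` and a `pkcs11:` URI, or the OpenSSL 3 pkcs11 provider; the exact flags depend on which of those is installed), so the host only ever hands the device a digest and the private key never leaves it. The verification side, and the public key distributed with the package, are unchanged.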
1
vote
0 answers

If an HSM RNG is FIPS 140-2 compliant, does that imply FIPS 186-2 compliance also?

If the RNG of an HSM is said to be compliant with FIPS 140-2 (approved DRBG - SP 800-90 CTR mode), does that also imply that it is compliant with FIPS 186-2?
1
vote
0 answers

AWS DMS to use CloudHSM

I have a source database that needs to be migrated to another one. This target will be created and integrated with CloudHSM so that the data migrated is encrypted. For migration I am planning to use AWS DMS. Both are Oracle Engine (11g). My doubts…
Vysakh
0
votes
1 answer

Using a custom authentication mechanism with SSH

I have a hardware device that can compute ECDSA signatures and generate ECDSA keys without exporting the private key (only the public key is exported). I'm looking for a way to tie this into SSH. Is there a way to do so without patching OpenSSH?
user1094206
0
votes
1 answer

PKCS11 PIN security

Hardware security modules are tamper-resistant, and a PKCS11 PIN is required to use keys. If a software application wants to perform some cryptographic functions, it should know the PIN. But the application is running in a non-secure environment and…
0
votes
1 answer

NSS / OpenSSL tradeoff on an embedded linux application which uses a TPM via pkcs11?

I am deciding between OpenSSL and NSS in an embedded Linux application that makes use of a TPM (HSM). EDIT: I need an SSH server and Apache using TLS, both using keys protected by the TPM. I am looking to satisfy the…
lalebarde
0
votes
2 answers

How to secure communication between server application and client mobile application through HSM

We are planning to deploy an HSM with our application. The solution we are thinking of is: mobile applications talk to the server application, the server application talks to the HSM for authentication, encryption, decryption. Clients are mobile…
0
votes
1 answer

What is the difference between HSM and PTS-approved point-of-interaction device?

According to PCI-DSS requirement 3.5.2, we should store secret keys in a cryptographic device. Cryptographic devices: 1. HSM 2. PTS-approved point-of-interaction device. My questions: I have some knowledge about HSM, and it encrypts the KEK using a Master…
RajeshKannan
0
votes
0 answers

PL5:220 is heavily overloaded

We use the old PL5:220, which is heavily overloaded. Is "etnetserver" the master cryptographic process? The HSM is in the cluster, but apparently the load balancer is not working correctly. Our developers claim that the LB is fine and the problem is with the HSM. Can the…
Petr
0
votes
1 answer

How do RSA smartcards prevent key exfiltration?

Extracting private keys directly from the card is nearly impossible. With some acid package destruction and electron microscope work, a skilled team, and enough time, money, and luck you can in theory extract keys but it involves not only physical…
0
votes
0 answers

How to viably use HSM on public cloud providers (AWS or GCP)

I don't have any experience with HSMs. My goal is to secure critical seed phrases used to generate crypto wallets. I found a good approach is to use HSMs to store encryption keys and encrypt the seed phrases (I don't know if that's how they're used…
0
votes
1 answer

How do centralized crypto exchanges store seed phrases and users' private keys?

Say I'm trying to develop a CEX, hence I will hold custody of users' keys. How would I go about doing that and ensuring safety and security? From what I know, I can generate the users' keys from a seed phrase and store the path used to generate the…
0
votes
0 answers

Import BDK encrypted under the Transport Key KEK on HSM

I received a two-component KEK TDES key and a BDK cryptogram, which is encrypted under this KEK. Do you have any suggestions on how to load such a key into the HSM device? E.g. Luna HSM
0
votes
0 answers

Storing an encryption key securely

I am struggling with the question of how to store a security key in a secure way. I have done some research and there are multiple options. Option 1) Storing the key on the same server (not recommended, because an attacker might easily get access to…