Highest Voted 'pkcs11' Questions - IT Security Stack Exchange

12

votes

2 answers

TPM 2.0 PKCS#11 on Windows and Linux

The new Skylake processors have integrated TPM 2.0 inside. Is there any way how to use the TPM 2.0 as a PKCS#11 token on Windows and Linux for symmetric and asymmetric keys? TPM 1.2 has a PKCS#11 libraries and I am looking for something similar for…

tpm pkcs11

asked Jun 11 '16 at 06:47

user1563721

1,099
11
22

6

votes

1 answer

uploading pkcs12 to yubikey piv slot

i have a id_rsa (private key which is used by me to authentication and encryption together with cert on yubikey piv smardcart provider on slot 9a) now i wish to use this key to create a pkcs12 keystore (private key + self signed cert) to sign jar…

encryption yubikey pkcs11 pkcs12

asked Mar 15 '16 at 16:12

ceph3us

161
1
6

5

votes

1 answer

Key derivation inside secure container of HSM

I have to implement custom key derivation function which basically works as follows: I have encryption key K in secure container of HSM. K can't be exported and the only way how to use it is through HSM command or PKCS#11 function. The derived key…

encryption key-management hsm pkcs11 api

asked Jul 21 '15 at 17:05

user1563721

1,099
11
22

5

votes

2 answers

Key based encryption for files with the key stored on a USB drive?

We're a small startup running a server inside the clients premises and certain files needs to be kept encrypted on that server. We want the decryption to be only possible when we plug in a particular USB drive (with the private key inside it). Are…

encryption key-management smartcard pkcs11

asked Mar 29 '17 at 17:50

Grim Reaper

518
1
4
14

4

votes

1 answer

Create certificate without private key or using USB eToken

Considering this thread: Create certificate without private key with OpenSSL I have a very similar situation. I have a USB eToken 5110 JC (Aladdin) which has an inaccessible private key, since it's the main objective. I can use pkcs11-tool --module…

certificates openssl gnupg pkcs11 hardware-token

asked May 14 '18 at 17:02

Fellipe Theophilo Barata

61
3

4

votes

1 answer

What is the state of smart card/computer interoperability

Smart cards are the only really secure device that can be used for, among other things, electronic identification. However, there are usability concerns stemming from the lack of standartization. Usually, in order to use a smartcard, the user has…

smartcard pkcs11

asked Oct 28 '15 at 11:55

Bozho

1,173
1
10
12

4

votes

1 answer

How can I use my HSM to turn a CSR into a certificate?

I create a CSR using OpenSSL, so I have public and private keys. Now I want to sign this CSR and convert it into an X.509 certificate. The only problem is, my signer is a custom HSM. I can send bytes and it signs them for me using SHA1. (The full…

openssl rsa x.509 hsm pkcs11

asked Oct 13 '15 at 19:50

John McKean

73
1
6

3

votes

1 answer

Extract the content of PKCS7 file in Java

I have a PKCS#7 signature that have the content‐type signed data and it embeds an XML document, and I have to extract the xml document from this PKCS7 file. Anyone know how to do that in java ??

certificates certificate-authority java pkcs11 pkcs8

asked Jun 24 '15 at 09:48

Hakim

619
3
9
14

3

votes

1 answer

OBKG on smartcard with PKCS#11

I have a new smart card with an on board PKCS#11 module and operate in a Win 8 environment. Like many cards, it can generate its own key pairs for enhanced security (only the public key can leave the card). The keys generated are not OTP keys,…

key-generation smartcard pkcs11

asked Apr 27 '15 at 00:32

TrustNoOne

261
1
8

3

votes

3 answers

Is it possible to wrap and export RSA private key in FIPS 140-2 Level 3 compliant hardware?

I would like to do the following on FIPS 140-3 Level 3 certified cryptographic token using PKCS#11: Generate RSA key pair on token Import AES key from multiple components Wrap and export RSA private key with AES key (PKCS#8) into file I am trying…

aes rsa fips token pkcs11

asked Mar 17 '15 at 16:46

user1563721

1,099
11
22

3

votes

1 answer

Smartcard - main differences between .NET and Java smartcard?

My question focuses on the differences regarding PKCS11 implementation between a .Net and a Java smartcard. More generally, do smartcard use a specific "OS" (or firmware) and only differ in the middleware / application layer ? Is it easy to format…

public-key-infrastructure java smartcard pkcs11

asked Jan 02 '15 at 22:53

crypto-learner

697
1
7
17

3

votes

1 answer

Why does it take so much time to create a secret key on a HSM?

I was testing key generation on a Hardware Security Module and I noticed that it takes so much time to generate an AES 256 secret key on the HSM. I've used pkcs11-tool to generate the key and it took about 5 sec to complete the task: $ pkcs11-tool…

openssl hsm pkcs11

asked Oct 20 '20 at 18:39

No name

93
7

3

votes

0 answers

Is it possible to use Bouncy Castle crypto library with PKCS#11 HSMs?

Is it possible to use Bouncy Castle crypto library with PKCS #11 HSMs?

cryptography hsm pkcs11

asked Oct 22 '16 at 09:35

westbeam87

419
4
11

3

votes

1 answer

PKCS#11 session object security

The CKA_TOKEN attribute identifies whether the object is a token object or a session object. We can believe that when the PKCS#11 object has CKA_TOKEN attribute set to true, then it is securely stored inside memory of PKCS#11 enabled device. For…

key-management pkcs11

asked Mar 16 '16 at 15:56

user1563721

1,099
11
22

2

votes

2 answers

PKCS#1-1.5 encoding - is there a reason to use 00 in block type?

For encryption block looking like this: EB = 00 || BT || PS || 00 || Data where BT - block type and PS - padding string, I've read that we use three types of BT - 00, 01, 02. Now, since 00 and 01 are for private key operations (where 01 is…

digital-signature rsa pkcs11

asked May 30 '15 at 18:25

James Pond

77
2
9

Questions tagged [pkcs11]