Questions tagged [pkcs11]

42 questions
2 votes, 2 answers

pkcs11 with remote HSM

Seeking assistance on using PKCS11 with a remote HSM. I have a small Linux host with an HSM card installed. The HSM has libraries and utility scripts provided to interact with it, on that host. These include a pkcs11 utility. What I can’t grasp…
r.l.
2 votes, 0 answers

Cryptoki PKCS11 C_Decrypt returns shorter key (decrypted message) than expected

First off let me say I'm fully aware this question can only be answered by the token vendor but I have already contacted them and with the whole COVID situation my hopes of hearing from them soon are not high (nor that I need to, this is just to…
Marcos G.
2 votes, 1 answer

Do PKCS #11 keyfiles on a YubiKey actually improve security for VeraCrypt?

I am trying to understand the benefits of a PKCS #11 keyfile stored on a smartcard such as a YubiKey with regards to VeraCrypt volumes. Am I correct that the file will be taken off of the hardware device to be used? If so, this would seem to…
Jonathan Cross
2 votes, 1 answer

Offloading hashing and symmetric encryption to HSM

When using a (PKCS#11) based HSM (for S/MIME or PGP) the public key operations for signing or decryption are done by the HSM so that the key never has to leave the protected environment. The bulk part of those operations (for signing this is the…
eckes
1 vote, 1 answer

Safenet iKey 4000 RSA key pair generation in FIPS 140-2 compliant mode

I need to generate an RSA key pair and show the public and private key on screen (in a secured room). The algorithm must be FIPS approved. So I would like to use iKey 4000 which is FIPS 140-2 level 3 compliant (I am using PKCS#11 library from Safenet…
user1563721
1 vote, 0 answers

In the signing process with HSM Luna, what device performs the signing?

I've successfully configured and tested character string signing using Java and HSM Luna SA through PKCS11. My question is: in which processor are the cryptographic operations performed? In what way could HSM Luna speed up massive signing?
eluish192
1 vote, 1 answer

Definitions of PKCS#11 abbreviations

Is there a complete definition list for all CKx abbreviations in PKCS#11? I believe I gathered most of them: CK = ... Data type or general constant CKA = ... Attribute CKC = ... Certificate type CKD = ... Key derivation function CKF = ... Bit…
Justin Case
1 vote, 1 answer

OpenTSA and PKCS11

We are planning to implement the time-stamping service (RFC 3161) using OpenTSA and we wanted to know: Does OpenTSA support PKCS #11 (Cryptoki) to talk to HSMs? BTW: I did not find documentation or much information on OpenTSA. It would be really…
1 vote, 1 answer

Is Binance API Key part of RSA key pair?

When we generate an API key in Binance there is a generated secret key too. I could not find any reference that those are RSA key pairs. They could be just random unrelated numbers. Is the Binance API Key the public key of RSA key pairs?
Ahmet Arslan
1 vote, 1 answer

How do I get my server HSM working while connected via RDP? (Win 2019)

The error I get from pkcs11-tool.exe is "No slots." My server has a hardware security module (Nitrokey HSM 2) that becomes inaccessible once I connect to my server via Windows Remote Desktop. Note: this is NOT for logging in with smart cards. I use…
Jacob Bruinsma
1 vote, 1 answer

Use of SoftHSM2 in commercial products

I came across SoftHSM2 from OpenDNSSEC (BSD license) which is a drop-in replacement for HSM except that SoftHSM2 only lacks physical security. Also, being the fact that PKCS#11 is the standard interface to work with both SoftHSM2 and HSM/TPM without…
1 vote, 2 answers

RSA insensitive and extractable private key export from SoftHSM 2

I've created an RSA private key in SoftHSM 2 via EJBCA with the following config: attributes(*, CKO_PUBLIC_KEY, *) = { CKA_TOKEN = false CKA_ENCRYPT = true CKA_VERIFY = true CKA_WRAP = false } attributes(*, CKO_PRIVATE_KEY, *) = { …
No name
1 vote, 1 answer

Can PKCS #11 object handles be used across sessions?

The PKCS #11 2.40 spec is a little ambiguous in its description of whether an object handle retrieved using session A can be used in session B to the same token. The main spec states (all emphasis below is mine): A particular object on a token does…
Duncan Jones
1 vote, 0 answers

Convert python-pkcs11.types.PrivateKey to PrivateKeyInfo or PrivateKey

I'm building a CertificateListBuilder but it requires the python-pkcs11.types.PrivateKey to be an instance of asn1crypto.keys.PrivateKeyInfo or oscrypto.asymmetric.PrivateKey. How to do it? Is it possible? Besides, I'd like to know if the private…
1 vote, 1 answer

When generating PKI key pair with a smart card, who decides if the key is exportable?

I'm in the process of obtaining a code signing certificate from a CA that requires the use of a smart card for the generation of the PKI key pair. However, I would like to be in the possession of the private key, and not depend on a physical…
Chris