87 questions
0 votes, 1 answer, 73 views
How to open a connection with Azure iot hub with proof of possession challenge
Using X.509 certificate stored in a hardware security module (HSM), how can my IoT device establish a secure connection with IoT hub doing proof of possession challenge?
All samples I have seen assume ...
-2 votes, 1 answer, 41 views
Signing XML using PKCS11, HSM token
public static byte[] DoSignXML_old(string inputfile, HSMProperties pro, ref ISession session)
{
    try
    {
        // Load the XML document
        XmlDocument XDoc = new XmlDocument();
...
0 votes, 0 answers, 44 views
Java Performance issue- Nimbusds RSA decrypter with Luna Provider
All,
I am generating and storing the RSA type keys in HSM, we use HSM as a service.
I use luna client to fetch the private “key” from HSM, store in cache, use it when decrypting is being done.
We ...
0 votes, 0 answers, 21 views
Using AWS Cloud HSM to store the Android signing keys
For Android app development, we store APK signing keys in a .jks file (Java Key Store). Of course we protect the keys by using passwords. To enhance security, we are considering using Cloud HSM to ...
0 votes, 0 answers, 34 views
Signing xla macros using certificate stored in Azure key vault with HSM
We have been fetching the signing certificate from the Azure Key Vault and adding it to the local Windows store, which allows for the signing of macros in the .xla application through Excel.
var ...
0 votes, 0 answers, 27 views
ClickOnce Signing After Publish
I am trying to get a ClickOnce application signed properly, after publishing, including the application files (exe, dll, application file, manifest).
Because I am using HSM (Specifically DigiCert One) ...
0 votes, 1 answer, 50 views
Alternative way of setting ADC for google cloud to run on read-only pipeline systems?
I'm trying to use the kms module which requires ADC which expects GOOGLE_APPLICATION_CREDENTIALS which is a json credential file. So I aim to pass the necessary project_id, location_id etc. as secrets ...
0 votes, 1 answer, 95 views
Azure Managed HSM: Decrypt in C# using encryption result from Azure CLI
I'm encrypting a string using Azure CLI:
az keyvault key encrypt --id "https://myhsmtest.managedhsm.azure.net/keys/aes256/1234aed127f8009e15d6c3a883b91f21" --algorithm A256GCM --value "...
0 votes, 2 answers, 341 views
Pkcs#11 with Luna Cloud HSM: private key listed with cmu list is not found in Java KeyStore
Connecting to Luna Cloud HSM I am able to add an RSA private key to the HSM (either by cmu importkey or by cmu gen) and the command-line tool cmu list displays this key from the server.
I am connecting ...
1 vote, 1 answer, 332 views
How to delete public keys from a PKCS#11 security token in Java?
I would like to modify a software which was written in Java. The software should be able to create public and private keys on an HSM and also be able to delete them. I would like to do these tasks by ...
0 votes, 2 answers, 183 views
CKR_TEMPLATE_INCONSISTENT error while creating key on the hsm
I am getting CKR_TEMPLATE_INCONSISTENT error while trying to create a key on the hsm. I am using PKCS11 C# wrapper.
public void GenerateKeyByName(ISession session, string keyName, string keyContent,...
1 vote, 0 answers, 89 views
Nginx fails to do handshake using pkcs11 key if running in docker container
Error:
SSL_do_handshake() failed (SSL: error:41800082:PKCS#11 module::Object handle invalid error:0A080006:SSL routines::EVP lib) while SSL handshaking, client: 127.0.0.1, server: 0.0.0.0:10001
I am ...
0 votes, 0 answers, 17 views
Correct parameter settings for Fortanix API Requests
I am trying to retrieve statistics from the Fortanix HSM via API calls.
The calls are structured as follows:
curl --request GET \
  --url https://amer.smartkey.io/sys/v1/stats/%7Bgroup_id%7D/group \
...
0 votes, 1 answer, 146 views
Login to AWS HSM as crypto-user, Error: Pkcs11Error: CKR_PIN_INCORRECT while performing: pkcs11.C_Login(session, pkcs11js.CKU_USER, "1234"); in Nodejs
I am using AWS HSM. Followed the AWS HSM Setup guide for FIPS Mode HSM. Installed CloudHSM Command Line Interface (CLI), created a user called crypto-user by logging in to HSM using CloudHSM CLI. ...
0 votes, 1 answer, 96 views
Unwrapped key object via Pkcs11Interop library does not get persisted in Thales Luna HSM
I am using Pkcs11Interop library in a .Net application to communicate with Thales Luna HSM. And unwrapping an AES key via RSA key using CKM_RSA_PKCS mechanism.
But unwrapped AES key does not get ...