Collaborate Disseminate
I am trying to find the locations on the embedded devices with micros that don’t support HSM/SHE. What are the ideas/suggestions for storing the symmetric keys? I found solutions that suggest using public/private keys to encrypt this symme… Continue reading what are the locations to store symmetric keys on the embedded controller without HSM or certs involvement?
When HSMs are not accessible, we often need alternative methods for securely storing and managing encryption keys
What open-source options exist for effectively managing encryption keys in a language-agnostic manner when HSMs are unavailab… Continue reading What are the effective open-source methods for storing and managing encryption keys in a language-agnostic manner when an HSM is unavailable?
If I have a program that runs on a regular basis, such as a cron job or systemd timer and it needs to access a secure resource like a hsm or encrypted database, what are the best practices to store/access the credentials to it?
Anyone ever had a vulnerability scanning experience on HSM Thales Payshield?
In my company, we are performing security scans on our infrastructure and we are considering how to treat HSM. We are using Qualys, and our HSM management office … Continue reading Vulnerability scans on HSM Thales payShield [closed]
I’m a bit confused with PKCS11 (v3) standard…
In particular, it’s blurry to me if one can invoke C_DeriveKey, passing, say, CKM_SHA512_KEY_DERIVATION (or some HKDF) to it as the mechanism and also set the following in the template:
CKA_… Continue reading Deriving EC keypairs pairs via PKCS11?
My management requested to investigate about security of HSM Thales Payshield.
Have you ever heard of any security bugs on the HSM Thales Payshield? I mean, except for the known bugs reported in their documentation, it seems impossible to … Continue reading HSM Thales PayShield vulnerabilities
I need to store a large amount of AES keys and provide an API to decrypt user-provided ciphertext.
The application flow is as follows:
The user authenticates
The user makes a POST request with some cyphertext and a MAC signature (cleartex… Continue reading How to secure hundreds of AES keys
Password error while loading LMK to the new HSM from the existing one. Is there a way to reset the password of the card with the backup LMK? The existing HSM failed and can’t power on. We have 3 components to load the LMK and only the seco… Continue reading Thales HSM 9000 existing HSM 1 power failed. password error loading LMK to the new HSM 2 [closed]
I need to use the CVK Key (in key block format) to calculate the CVV2.
In the past, I have always used single keys in variant format for this purpose (CVKa + CVKb), and the calculation procedure is standard (there are also many online calc… Continue reading CVV2 calculation with TR-31 Key
we have a concern about a key export. We completed the migration to Key Block LMK in our environment (with HSM Thales 10K). Now, we have to exchange keys with third-parties that still use Keys in variant form. We generated the keys and for… Continue reading PCI compliance – use of ANSI X9.17 for export keys