hsm – Page 14 – WindowsTechs.com

What does the private key look like for an HSM based certificate?

Posted on January 31, 2017 by MagellanTX

Can someone explain what makes up the anatomy of a certificate’s private key when the key itself is stored on an HSM? I’m using nShield in this example but I’m assuming the principals are the same for any HSM that creates certificates with HSM private key pointers.

There’s two areas I’m having a hard time understanding and there isn’t much information out there…or I’m searching for the wrong keywords.

1) When I open the certificate in the certificate manager (Windows) it shows that I do have a private key for the certificate. I realize this is just the pointer but, nevertheless, Windows recognizes the data as a valid private key, how is that possible? How does it fool Windows into thinking it’s a real private key?

2) If I attempt to use the private key from the certificate (ie, to sign something) it redirects the private key operations to the HSM. I assume the CSP is responsible for this but how does the certificate know which CSP to use?

I’m trying to get a better understanding so I can write software that allows users to leverage certificates for crypto operations instead of having to rely on PKCS11 or the vendor’s API.

Thanks!!

Continue reading What does the private key look like for an HSM based certificate?→

Using Unix script to access Safenet Luna HSM

Posted on January 7, 2017 by New2Security

We need to decrypt xml files using safenet luna HSM. The encrypted files are stored in a unix server where the safenet luna client is also installed. The client is easily accessible via Java usinG API, but for performance rea… Continue reading Using Unix script to access Safenet Luna HSM→

How to securely transfer DUKPT BDK between HSMs?

Posted on October 29, 2016 by nik

I’m trying to understand best practices and capabilities regarding the use of an HSM, e.g the Thales Payshield 9000.

Specifically, I wish to securely transfer a BDK for DUKPT from one HSM to a second, without it ever being in the clear, o… Continue reading How to securely transfer DUKPT BDK between HSMs?→

How to safely store/process secret key for JWT

Posted on June 22, 2016 by user6227254

After reading this: https://stackoverflow.com/questions/30089604/jwt-whats-a-good-secret-key-and-how-to-store-it-in-an-node-js-express-app, on how to store “secret key” to assign JWT tokens. I had security questions. My data (messages, use… Continue reading How to safely store/process secret key for JWT→

Nginx and HSM integration to hold private keys

Posted on June 11, 2015 by GG01

We are using Nginx and storing private keys in a file on the server. We would like to move our private keys to an HSM so that SSL keys are stored in the HSM and never leave the HSM. All crypto operations required during SSL termination can… Continue reading Nginx and HSM integration to hold private keys→

HSM maintenance

Posted on May 9, 2015 by Alvaro Cuno

I have a HSM that is an asset within a information security management system and the help desk team tells me that the device is displaying a critical failure alert. So my questions are: Must I replace the HSM with a new one … Continue reading HSM maintenance→

What are the differences between TPM and HSM?

Posted on May 7, 2015 by Ali

TPM (Trusted Platform Module) and HSM (Hardware Security Module) are considered as cryptoprocessor, but what are the differences exactly?

Does one of them has more advantages than another?

Continue reading What are the differences between TPM and HSM?→

What does “PIN encrypted under LMK” mean?

Posted on March 23, 2015 by sam

What does PIN encrypted under LMK mean? From what I understand the Local Master Key is only there to encrypt other keys. I was reading some code and I saw function names like encryptClearToLmk or decryptLmkToClear.

Does the expression hav… Continue reading What does “PIN encrypted under LMK” mean?→

What is the difference between HSM and Key server?

Posted on March 3, 2014 by nathi

As per PCI-DSS requirements, we have to use either HSM (Hardware Security Module), or Key Server to store the KEK (Key Encryption Key).

If I’m storing encrypted DEK (Data Encryption Key) in an App Server, how can I securely store the KEK … Continue reading What is the difference between HSM and Key server?→

Criteria for Selecting an HSM

Posted on May 30, 2013 by AviD

A very sensitive application has to protect several different forms of data, such as passwords, credit cards, and secret documents – and encryption keys, of course.
As an alternative to developing a custom solution around (st… Continue reading Criteria for Selecting an HSM→