"Failed connecting to the YubiKey. Make sure the application has the required permissions." [closed]

I have a Yubikey version 5.2.7 and I can’t generate any new certificates on yubikey manager app, which is weird since I have already generated two certs (on 9d slot) and they worked fine.
Now the following message pops up:

"Failed co… Continue reading "Failed connecting to the YubiKey. Make sure the application has the required permissions." [closed]

Is using HSM worth in this scenario?

Long story short, I’ve assigned with the task to find a way to improve security in an application, they are using java keystores to save and protect the keys. The application owner is worried that someone could stole the keystore and the pass.

I’ve read this question Storage of ‘secrets’, keystores, HSMs and the rest and as the accepted answer says there is always something at the end that could expose everything.

As I see the best way to protect the keys is to store private keys in an HSM and do there the signing operations.

This has lead me to another problem: I have to store the keys in the HSM in a way that applications don’t have access to other application keys, the HSM in my organization is a Thales Luna, so to make this separation between applications they need to create partitions in it which has a downside, this partitions have additional cost.

Other thing I’ve noticed is that even with the HSM there is something always in the client side that could lead to a breach, the difference is the complexity to get the keys or get access to the HSM to misuse the keys.

I am exploring the option of encrypt the private keys of each module with a key inside the HSM, so regarding this the question should be: Is it really more secure using a key inside the HSM to encrypt the private keys than using the java keystore only?

Continue reading Is using HSM worth in this scenario?