Collaborate Disseminate
The PKCS #11 2.40 spec is a little ambiguous in its description of whether an object handle retrieved using session A can be used in session B to the same token.
The main spec states (all emphasis below is mine):
A parti… Continue reading Can PKCS #11 object handles be used across sessions?
I’m using a HSM to generate a pair of public/private elliptic key using PKCS11 commands, but I need to use the public key in BouncyCastle.
I can read the attribute EC_POINT in DER format, but I can not figure out how to impo… Continue reading Import PKCS11 public key in BouncyCastle
I’m building a CertificateListBuilder but it requires the python-pkcs11.types.PrivateKey to be an instance of asn1crypto.keys.PrivateKeyInfo or oscrypto.asymmetric.PrivateKey.
How to do it? Is it possible?
Besides, I’d like… Continue reading Convert python-pkcs11.types.PrivateKey to PrivateKeyInfo or PrivateKey
We’re using a rather low-level PKCS#11 interface and are trying to generate a key-pair for RSA with it. We’re using the mechanism RSA_PKCS_KEY_PAIR_GEN (0x00). Among others we have copied the following two attributes from one… Continue reading PKCS11 key pair generation – attributes MODULUS_BITS and PUBLIC_EXPONENT
We’re using a rather low-level PKCS#11 interface and are trying to generate a key-pair for RSA with it. We’re using the mechanism RSA_PKCS_KEY_PAIR_GEN (0x00). Among others we have copied the following two attributes from one… Continue reading PKCS11 key pair generation – attributes MODULUS_BITS and PUBLIC_EXPONENT
Can I generate a CSR using HSM? If Yes, then Please guide us. It would be very helpful.
Following are our system details:
We have HSM(SafeNet) Simulator to test developement application.
we are using Cryptoki.dll with Desk… Continue reading Can we create certificate sign request (CSR) using HSM?
Considering this thread:
Create certificate without private key with OpenSSL
I have a very similar situation. I have a USB eToken 5110 JC (Aladdin) which has an inaccessible private key, since it’s the main objective. I can… Continue reading Create certificate without private key or using USB eToken
I’m in the process of obtaining a code signing certificate from a CA that requires the use of a smart card for the generation of the PKI key pair.
However, I would like to be in the possession of the private key, and not depe… Continue reading When generating PKI key pair with a smart card, who decides if the key is exportable?
When using a (PKCS#11) based HSM (for S/Mime or PGP) the public key operations for signing or decryption is done by the HSM so that the key has to never leave the protected environment. The bulk part of those operations (for … Continue reading Offloading hashing and symmetric encryption to HSM
I want to get data from a server that accept only client authentication via smartcard and save them to my server. Since they are a lot of data, I want to create a connection between my server and this third party server, but … Continue reading Extract smartcard certificate for server to server authentication