[Cryptech Tech] Firewalls

Peter Gutmann pgut001 at cs.auckland.ac.nz
Fri Jun 2 01:33:37 UTC 2017


Peter Stuge <peter at stuge.se> writes:

>SafeNet Luna SA 5.2.1 or later
>Thales Nshield Connect 11.62 or later"
>
>"HSM client" has nothing to do with PKCS#11.

Given that the native API for the Luna tokens is PKCS #11, it'd be hard to not
use PKCS #11 for them.  In addition, unless the nCipher interface is using JCE
or CryptoAPI, it'll be using PKCS #11 as well.

So you could start with SoftHSM:

https://github.com/opendnssec/SoftHSMv2

and then migrate the functionality into the hardware HSM.  If the PA gear is
hardcoded to only allow the Luna and nCipher devices then you'd have to fake
them via the SoftHSM layer, i.e. return a Luna or nCipher ID string or
whatever it is the PA expects to see.

Peter.
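Added example, not code from the thread or from SoftHSM: the "ID string the PA expects to see" comes from PKCS #11 token info fields, which are fixed-width and blank-padded rather than NUL-terminated, so a vendor check written against them has to pad correctly. The struct is a subset of CK_TOKEN_INFO declared inline to stay self-contained, and the allowlisted vendor strings are placeholders, not the real Luna or nCipher manufacturerID values. It also shows the caveat: because the field is self-reported by whichever module is loaded, an allowlist on it proves nothing about the hardware behind it.

```c
#include <stddef.h>
#include <string.h>

typedef unsigned char CK_UTF8CHAR;

/* Subset of CK_TOKEN_INFO; the field widths are the ones from the spec. */
struct token_identity {
    CK_UTF8CHAR label[32];
    CK_UTF8CHAR manufacturerID[32];
    CK_UTF8CHAR model[16];
};

/* Compare a blank-padded PKCS #11 field with a C string, exact match only. */
int p11_field_equals(const CK_UTF8CHAR *field, size_t width, const char *expected)
{
    size_t n = strlen(expected);
    if (n > width || memcmp(field, expected, n) != 0)
        return 0;
    for (size_t i = n; i < width; i++)     /* remainder must be padding */
        if (field[i] != ' ')
            return 0;
    return 1;
}

/* Fill a fixed-width field the way a module must: truncated, blank-padded. */
void p11_field_set(CK_UTF8CHAR *field, size_t width, const char *value)
{
    size_t n = strlen(value);
    if (n > width)
        n = width;
    memset(field, ' ', width);
    memcpy(field, value, n);
}

/* Vendor allowlist of the kind the thread suspects the PA gear applies.
 * Placeholder strings: assumed, not the vendors' real manufacturerID values. */
int token_is_allowlisted(const struct token_identity *t)
{
    static const char *const allowed[] = { "VENDOR-A-PLACEHOLDER", "VENDOR-B-PLACEHOLDER" };
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (p11_field_equals(t->manufacturerID, sizeof t->manufacturerID, allowed[i]))
            return 1;
    return 0;
}

/* Build a constructed token identity reporting `manufacturer` and run the check.
 * Whatever string the loaded module reports is what the allowlist sees. */
int check_manufacturer(const char *manufacturer)
{
    struct token_identity t;
    p11_field_set(t.label, sizeof t.label, "constructed-token");
    p11_field_set(t.manufacturerID, sizeof t.manufacturerID, manufacturer);
    p11_field_set(t.model, sizeof t.model, "constructed");
    return token_is_allowlisted(&t);
}
```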

