hsm

问题 We are implementing safety-critical system, where the FIPS 140-2 compliant HSM (hardware security module) is required to generate and store key material, perform encryption/decryption and run custom code with the following requirements set for the custom module: Module is available over RPC Module has access to all HSM keys and services Module has in-memory and persistent storage (1+ MB both) Module memory is secured (FIPS 140-2 level 3+) As for the HSM services itself, it is required to:

来源： https://stackoverflow.com/questions/61983050/accessing-epass2003-auto-token-through-browser

来源： https://stackoverflow.com/questions/61983050/accessing-epass2003-auto-token-through-browser

来源： https://stackoverflow.com/questions/61983050/accessing-epass2003-auto-token-through-browser

问题 I have to store the key into memory. So as security concern we can not store the cryptographic key into the memory directly, We need to store the key in Encrypted way. So the idea is we store the key in encrypted manner and at the time of crypto operation, just decrypt the key and use it and dispose the key. So we are using Password based encryption(PBE) define in BouncyCastle c# version Example code. The problem in code is that the password is fix here. I have to generate the password at run

问题 I have to store the key into memory. So as security concern we can not store the cryptographic key into the memory directly, We need to store the key in Encrypted way. So the idea is we store the key in encrypted manner and at the time of crypto operation, just decrypt the key and use it and dispose the key. So we are using Password based encryption(PBE) define in BouncyCastle c# version Example code. The problem in code is that the password is fix here. I have to generate the password at run

问题 I have a master key in an HSM and I want to derive it with a given diversifier. I am quite new to JCA/JCE, and a bit lost with KeyGenerator, SecretKeyFactory, ... especially since all parameters are strings. I want to use AES or HmacSha1. It seems I need to use a SecretKeyFactory, and provide a KeySpecs. But which type of KeySpecs? (I have seen a post on that topic, but I didn't seem an HSM was used.) Thanks. 回答1: You can derive key using: password-based derivation (PKCS#5) as described in

问题 I have a master key in an HSM and I want to derive it with a given diversifier. I am quite new to JCA/JCE, and a bit lost with KeyGenerator, SecretKeyFactory, ... especially since all parameters are strings. I want to use AES or HmacSha1. It seems I need to use a SecretKeyFactory, and provide a KeySpecs. But which type of KeySpecs? (I have seen a post on that topic, but I didn't seem an HSM was used.) Thanks. 回答1: You can derive key using: password-based derivation (PKCS#5) as described in

问题 As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance. Closed 7 years ago . I am supposed to write a client application in C# that communicates with Thales WebSentry and I need a few hints at how to start.

问题 I have a low volume (<500 PDFs/year) application for automated digital-signing of PDF files using iText in Java on Linux. I've got iText adding a digital signature to PDFs using my SSL certificate. Is this a valid method to prove the PDF was generated by my domain (e.g. server)? Can it be used somehow to get the green checkmarks showing "trust" in Adobe Reader? If not, I should use a certificate intended for PDFs (e.g. not my SSL certificate), so that the little green checkmarks indicating