SoftHSM2: What crypto mechanisms and ciphers are supported?

SoftHSM2 is free and easy o install or compile. But if you search how to use SoftHSM2 for symmetric and asymmetric cryptography or hashing you will notice that the OpenDNSSEC Wiki will not have any hint what mechanisms are supportet. This post will show how to view all SoftHSM mechanisms using pkcs11-tool. This references are based on version 2.6.1 and can be downloaded from OpenDNSSEC website.

To repeat the following steps you need to install or compile the following packages:

  • OpenSC (includes pkcs11-tool binary)
  • SoftHSM2

List all SoftHSM2 mechanisms (AES, DES, DH, DSA, ECDH, ECDSA, HASHES, RSA)

SoftHSM2: What crypto mechanisms and ciphers are supported? weiterlesen

Export a RSA / ECC public key with OpenSC pkcs11-tool

Whenever you generate a public/private key pair in hardware over PKCS#11 you need export the public key to generate an X.509v3 vertificate. pkcs11-tool is a command line tool to test functions and perform crypto operations using a PKCS#11 library in Linux. It always requires a local available working P11 module (.so in Linux or .DLL in Windows) and allows various cryptographic action. pkcs11tool is part of the OpenSC package.

Export a RSA / ECC public key with OpenSC pkcs11-tool weiterlesen

Generate RSA, ECC and AES keys with OpenSC pkcs11-tool

How to generate RSA, ECC and AES keys: pkcs11-tool is a command line tool to test functions and perform crypto operations using a PKCS#11 library in Linux. It always requires a local available working P11 module (.so in Linux or .DLL in Windows) and allows various cryptographic action. pkcs11tool is part of the OpenSC package.

This post is part of #CryptoCorner my contribution to open source cryptography and secure hardware key storage to reduce risks from misunderstood and unsecure implemented key management.

Generate RSA, ECC and AES keys with OpenSC pkcs11-tool weiterlesen

Show slot and token info with OpenSC pkcs11-tool

Show slot and token info: pkcs11-tool is a command line tool to test functions and perform operations of a PKCS#11 library in Linux. It always requires a local available working P11 module (.so in Linux or .DLL in Windows) and allows various cryptographic action. pkcs11tool is part of the OpenSC package.

PKCS#11 is a standard interface to create symmetric and asymmetric keys and perform cryptographic operations. It is mainly used to access smart card type of key media or Hardware Security Modules (HSM). Today the interface is implemented in many different applications to use hardware cryptography. PKCS#11 based on the PKCS#11 (Cryptoki) specifications. The complete specifications are available at oasis-open.org.

Show slot and token info with OpenSC pkcs11-tool weiterlesen

Configuration of OpenSC pkcs11-tool

Configuration example for: pkcs11-tool is a command line tool to test functions and perform operations of a PKCS#11 library in Linux. It always requires a local available working P11 module (.so in Linux or .DLL in Windows) and allows various cryptographic action. pkcs11tool is part of the OpenSC package.

PKCS#11 is a standard interface to create symmetric and asymmetric keys and perform cryptographic operations. It is mainly used to access smart card type of key media or Hardware Security Modules (HSM). Today the interface is implemented in many different applications to use hardware cryptography. PKCS#11 based on the PKCS#11 (Cryptoki) specifications. The complete specifications are available at oasis-open.org.

Configuration of OpenSC pkcs11-tool weiterlesen