HSM (Hardware Security Module): how to get started

HSMs

Posted by John Doe


This is an effort to explain how to get started with HSMs. You don't need an actual HSM; you can use SoftHSM to start with.


What is an HSM anyway?

An HSM is, in practice, the most secure kind of crypto hardware, used for key management. It is typically found in enterprise applications such as banking: protecting high-value keys, storing keys, signing images, and so on.

What standard does an HSM follow?

HSMs follow FIPS 140, the standard for cryptographic modules.

What is PKCS#11?

The PKCS#11 standard defines the API used to interact with HSMs.


How to install SoftHSM?

1. Download the source

    curl -LOsSf https://dist.opendnssec.org/source/softhsm-2.6.1.tar.gz
    tar xvf softhsm-2.6.1.tar.gz
    cd softhsm-2.6.1/

2. Build

    # On Debian/Ubuntu the OpenSSL headers are in libssl-dev
    sudo apt install opensc libssl-dev vim
    # Build without GOST support
    ./configure --disable-gost
    # Check the number of CPU cores to choose the -j value
    cat /proc/cpuinfo
    make -j8
    sudo make install


3. List slots

    tmarri@DESKTOP-2NJKTRD:~/src/crypto/hsm/softhsm-2.6.1$ softhsm2-util --show-slots
    Available slots:
    Slot 0
        Slot info:
            Description:      SoftHSM slot ID 0x0
            Manufacturer ID:  SoftHSM project
            Hardware version: 2.6
            Firmware version: 2.6
            Token present:    yes
        Token info:
            Manufacturer ID:  SoftHSM project
            Model:            SoftHSM v2
            Hardware version: 2.6
            Firmware version: 2.6
            Serial number:
            Initialized:      no
            User PIN init.:   no
            Label:

or, using pkcs11-tool from OpenSC:

    pkcs11-tool --module /usr/local/lib/softhsm/libsofthsm2.so --list-slots

4. Initialize a token

    tmarri@DESKTOP-2NJKTRD:~/src/crypto/hsm/softhsm-2.6.1$ softhsm2-util --init-token --free --label "Test token"


    tmarri@DESKTOP-2NJKTRD:~/src/crypto/hsm/softhsm-2.6.1$ softhsm2-util --show-slots
    Available slots:
    Slot 962108591
        Slot info:
            Description:      SoftHSM slot ID 0x39589caf
            Manufacturer ID:  SoftHSM project
            Hardware version: 2.6
            Firmware version: 2.6
            Token present:    yes
        Token info:
            Manufacturer ID:  SoftHSM project
            Model:            SoftHSM v2
            Hardware version: 2.6
            Firmware version: 2.6
            Serial number:    85e0a49439589caf
            Initialized:      yes
            User PIN init.:   yes
            Label:            Test token
    Slot 1
        Slot info:
            Description:      SoftHSM slot ID 0x1
            Manufacturer ID:  SoftHSM project
            Hardware version: 2.6
            Firmware version: 2.6
            Token present:    yes
        Token info:
            Manufacturer ID:  SoftHSM project
            Model:            SoftHSM v2
            Hardware version: 2.6
            Firmware version: 2.6
            Serial number:
            Initialized:      no
            User PIN init.:   no
            Label:
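
In the output above, initializing with `--free` left the token in slot 962108591 rather than slot 0, so a script should resolve the slot from the token label instead of hard-coding a number. The following is an added example, not part of the original post or the SoftHSM project; `slot_for_label` and `sample_show_slots` are hypothetical helper names, and the sample input is a trimmed copy of the output shown above.

```bash
#!/bin/sh
# Added example (not from the original post): find a SoftHSM slot by token label.

# Trimmed copy of the post-init `softhsm2-util --show-slots` output shown above.
sample_show_slots() {
cat <<'EOF'
Available slots:
Slot 962108591
    Slot info:
        Description:      SoftHSM slot ID 0x39589caf
        Token present:    yes
    Token info:
        Serial number:    85e0a49439589caf
        Initialized:      yes
        User PIN init.:   yes
        Label:            Test token
Slot 1
    Slot info:
        Description:      SoftHSM slot ID 0x1
        Token present:    yes
    Token info:
        Serial number:
        Initialized:      no
        User PIN init.:   no
        Label:
EOF
}

# slot_for_label LABEL  (hypothetical helper name)
# Reads show-slots output on stdin, prints the slot number of the initialized
# token whose label equals LABEL, and returns 1 when there is no such token.
slot_for_label() {
    awk -v want="$1" '
        /^Slot [0-9]+/            { slot = $2; init = "" }
        /^[ \t]+Initialized:/     { init = $2 }
        /^[ \t]+Label:/ {
            label = $0
            sub(/^[ \t]+Label:[ \t]*/, "", label)  # labels may contain spaces
            sub(/[ \t\r]+$/, "", label)
            if (label == want && init == "yes") { print slot; found = 1; exit }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Live use: softhsm2-util --show-slots | slot_for_label "Test token"
sample_show_slots | slot_for_label "Test token"
```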

How to use it with Python?

https://github.com/bentonstark/py-hsm




Useful links

https://illuad.fr/2022/01/30/install-softhsmv2-and-use-it-via-openssl-and-pkcs11-11.html 


