SoftHSMv2 | OpenDNSSEC handles and stores its cryptographic keys | Cryptography library

 by   opendnssec C++ Version: 2.6.1 License: Non-SPDX

X-RayKey FeaturesCode SnippetsCommunity Discussions(2)VulnerabilitiesInstallSupport

kandi X-RAY | SoftHSMv2 Summary

kandi X-RAY | SoftHSMv2 Summary

SoftHSMv2 is a C++ library typically used in Security, Cryptography applications. SoftHSMv2 has no bugs, it has no vulnerabilities and it has low support. However SoftHSMv2 has a Non-SPDX License. You can download it from GitHub.

OpenDNSSEC handles and stores its cryptographic keys via the PKCS#11 interface. This interface specifies how to communicate with cryptographic devices such as HSM:s (Hardware Security Modules) and smart cards. The purpose of these devices is, among others, to generate cryptographic keys and sign information without revealing private-key material to the outside world. They are often designed to perform well on these specific tasks compared to ordinary processes in a normal computer. A potential problem with the use of the PKCS#11 interface is that it might limit the wide spread use of OpenDNSSEC, since a potential user might not be willing to invest in a new hardware device. To counter this effect, OpenDNSSEC is providing a software implementation of a generic cryptographic device with a PKCS#11 interface, the SoftHSM. SoftHSM is designed to meet the requirements of OpenDNSSEC, but can also work together with other cryptographic products because of the PKCS#11 interface.
Support
    Quality
      Security
        License
          Reuse

            kandi-support Support

              SoftHSMv2 has a low active ecosystem.
              It has 619 star(s) with 292 fork(s). There are 48 watchers for this library.
              OutlinedDot
              It had no major release in the last 6 months.
              There are 94 open issues and 254 have been closed. On average issues are closed in 74 days. There are 29 open pull requests and 0 closed requests.
              It has a neutral sentiment in the developer community.
              The latest version of SoftHSMv2 is 2.6.1

            kandi-Quality Quality

              SoftHSMv2 has 0 bugs and 0 code smells.

            kandi-Security Security

              SoftHSMv2 has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
              SoftHSMv2 code analysis shows 0 unresolved vulnerabilities.
              There are 0 security hotspots that need review.

            kandi-License License

              SoftHSMv2 has a Non-SPDX License.
              Non-SPDX licenses can be open source with a non SPDX compliant license, or non open source licenses, and you need to review them closely before use.

            kandi-Reuse Reuse

              SoftHSMv2 releases are not available. You will need to build from source code and install.
              Installation instructions, examples and code snippets are available.

            Top functions reviewed by kandi - BETA

            kandi's functional review helps you automatically verify the functionalities of the libraries and avoid rework.
            Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of SoftHSMv2
            Get all kandi verified functions for this library.

            SoftHSMv2 Key Features

            No Key Features are available at this moment for SoftHSMv2.

            SoftHSMv2 Examples and Code Snippets

            No Code Snippets are available at this moment for SoftHSMv2.

            Community Discussions

            Trending Discussions on SoftHSMv2

            how to switch to CKM_AES_KEY_WRAP_PAD during key wrapping in SOFTHSM2 using JAVA PKCS11 IAIK
            How to signing on computer with private key in Android's app data

            QUESTION

            how to switch to CKM_AES_KEY_WRAP_PAD during key wrapping in SOFTHSM2 using JAVA PKCS11 IAIK
            Asked 2019-May-16 at 13:06

            I am making use of SoftHSM to generate isometric keys in Java. Currently, I need to wrap private keys using the wrapKey function provided in IAIK PKCS11 library (JAVA) and I'm having a problem with the key wrapping operation in cipher.getInstance(). The application throws CKR_MECHANISM_INVALID and all existing information on the net doesn't seem to give a suitable answer on how to fix this.

            Currently, it seems that this is a problem to do with the mechanism of IAIK as it is currently making use of CKM_AES_CBC_PAD algorithm for key wrapping.

            It is unclear how to switch between CKM_AES_CBC_PAD and the ones suggested in the github issue created for the problem on SoftHSM's github page see: https://github.com/opendnssec/SoftHSMv2/issues/229 and https://github.com/opendnssec/SoftHSMv2/issues/405.

            Two things that are clear is that this is a known issue and the authors suggest to use CKM_AES_KEY_WRAP, CKM_AES_KEY_WRAP_PAD, CKM_RSA_PKCS, or CKM_RSA_PKCS_OAEP. however, I am unable to find samples using the suggested options and after hours of digging through the libraries, I think its easier to just ask here.

            Initial Question: I would like to switch mechanism from CKM_AES_CBC_PAD to CKM_AES_KEY_WRAP during keywrap

            Update: After further debugging, it seems the issue may be even more complex than switching between mechanism. Due to this, i would prefer to know instead:

            New Question: What is the best way to implement key wrapping using the above listed technologies in JAVA

            ...

            ANSWER

            Answered 2019-May-16 at 13:06

            We found that it does not work with Cipher interface because IAIK by default tries to use method that is not supported by soft hsm. We had to use low level IAIK methods to wrap and unwrap. In low level method you can change mechanism like this:

            Source https://stackoverflow.com/questions/56056111

            QUESTION

            How to signing on computer with private key in Android's app data
            Asked 2017-Mar-22 at 21:08

            I am using SoftHSMv2 as cryptoki library for both Android and PC. I want to using Android device to replace an USB token and signing on PC with a certificate and key pair stored in my Android app data.
            Just import the certificate from Android into PC's cert store are enough to PKCS#11 perform signing?
            Do I need modify PKCS#11 library to push data to Android or any other modify?

            ...

            ANSWER

            Answered 2017-Mar-22 at 21:08

            Since you did not specify which operating systems on PC you are targeting I'm assuming that Windows one of them.

            Windows itself doesn't support PKCS#11 standard and it has its own interface called CryptoAPI. So, if you want to perfom signing operation in such programs as Microsoft Outlook you need to implement a Cryptographic Service Provider (CSP) or Key Storage Provider (KSP). Or if your android device represents in system as a smart card you could implement Smart Card Minidriver. Schematic it will be something like this:

            Source https://stackoverflow.com/questions/42942720

            Community Discussions, Code Snippets contain sources that include Stack Exchange Network

            Vulnerabilities

            No vulnerabilities reported

            Install SoftHSMv2

            Install the library using the follow command:.

            Support

            For any new features, suggestions and bugs create an issue on GitHub. If you have any questions check and ask questions on community page Stack Overflow .
            Find more information at:

            Reuse Trending Solutions

            build-a-realtime-voice-to-image-generator-using-generative-ai
            build-a-realtime-voice-to-image-generator-using-generative-ai
            Build a Realtime Voice-to-Image Generator using Generative AI
            image-resizing-using-opencv-in-python
            image-resizing-using-opencv-in-python
            Image Resizing using OpenCV in Python
            build-your-own-gpt4all-content-generator
            build-your-own-gpt4all-content-generator
            Build your own Custom GPT Content Generator (Open-Source ChatGPT Alternative)
            validate-an-email-address-in-javascript
            validate-an-email-address-in-javascript
            How to Validate an Email Address in JavaScript
            age-calculator-using-javascript
            age-calculator-using-javascript
            Age Calculator using JavaScript
            addressing-bias-in-ai---toolkit-for-fairness,-explainability-and-privacy
            addressing-bias-in-ai---toolkit-for-fairness,-explainability-and-privacy
            Addressing Bias in AI - Toolkit for Fairness, Explainability and Privacy
            javascript-node-js-payment-processing
            javascript-node-js-payment-processing
            15 best JavaScript Node.js Payment libraries
            build-credit-risk-predictor-using-federated-learning
            build-credit-risk-predictor-using-federated-learning
            Build Credit Risk predictor using Federated Learning
            top-10-javascript-tours-and-guides-libraries-in-2023
            top-10-javascript-tours-and-guides-libraries-in-2023
            10 Best JavaScript Tours and Guides Libraries in 2023
            disease-predictor
            disease-predictor
            Disease Predictor using Pandas & Scikit
            python-face-recognition
            python-face-recognition
            28 best Python Face Recognition libraries

            Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items

            Find more libraries
            CLONE
          • HTTPS

            https://github.com/opendnssec/SoftHSMv2.git

          • CLI

            gh repo clone opendnssec/SoftHSMv2

          • sshUrl

            git@github.com:opendnssec/SoftHSMv2.git

            • Stay Updated

            Subscribe to our newsletter for trending solutions and developer bootcamps

            Agree to Sign up and Terms & Conditions

            Share this Page

            share link

            Explore Related Topics

            CryptographySecurity

            Reuse Security Kits

            15 best Ruby Server Side Scripting libraries
            DDoS Attack Detection
            11 best Python Proof of work libraries
            Highly Secured WiFi Router
            OTP Verification System
            See all related Kits

            Consider Popular Cryptography Libraries

            dogecoin

            by dogecoin

            tink

            by google

            crypto-js

            by brix

            Ciphey

            by Ciphey

            libsodium

            by jedisct1

            See all Cryptography Libraries

            Try Top Libraries by opendnssec

            opendnssec

            by opendnssecC

            SoftHSMv1

            by opendnssecC++

            pkcs11-testing

            by opendnssecC++

            odslab

            by opendnssecShell

            dnssec-monitor

            by opendnssecRuby

            See all Learning Libraries

            Open Weaver – Develop Applications Faster with Open Source

            kandi

            Community and Support

            Company

            Follow

            • © 2023 Open Weaver Inc.