How secure is HSM2 data exchange channel?


According to HSM2 specification it uses a BSI TR-03110 protocol to secure data channel.

Do you know any results regarding it’s security analysis?

For example for a JavaCard SCP02 and SCP03 there is some research done:

Cryptanalysis of GlobalPlatform Secure Channel Protocols

It indicates SCP02 is not secure enough and SCP03 shall be used instead.

To make things clear: You need a software to communicate with the Nitrokey HSM by using TR-03110. If you are looking at using it at a desktop, ordinary software doesn’t use that protocol.

Please let me know, which software does support BSI TR-03110 protection?

Does OpenSC uses this protocol or is it transparent for OpenSC so that OpenSC is even not aware of it being used and just passed through OpenSC?

Is there a command line software which can encrypt/decrypt text strings or messages by HSM2 algos provided the strings are being transferred to HSM2 via BSI TR-03110?

May be some PGP software is compatible like GPG or Sequoia PGP library ?

Where can I see a list of open source software for Linux and BSD which uses BSI TR-03110 protocol for protecting its data exchange channel?

I’m not aware of any popular or open source software which supports TR-03110. This is an enterprise feature your software would need to incorporate. Beside of that, PKI As A Service supports it.

Jan, the page you mentioned requires me to login:

Login Required
Please insert your SmartCard-HSM and press continue .

Where can I read more details about command line tools and/or API to encrypt and decrypt text strings via PKI software you referred using HSM2 via encrypted data channel of course?