pachulo
February 25, 2020, 3:11pm
1
We’ve got a pair of Nitrokey HSM2 and are evaluating their use on in-house developed Java applications, but we just found a serious blocker.
It seems that, after this change in Java (commit ), the support for decrypting using the HSM2 through Sun PKCS#11 is gone .
Here are the Mechanism & algorithms supported on Java 8:
Mechanism
Algorithm
Notes
AlgorithmParameters
EC
Cipher
RSA/ECB/NoPadding
only decrypt
Cipher
RSA/ECB/PKCS1Padding
only decrypt
KeyAgreement
ECDH
KeyFactory
EC
KeyFactory
RSA
KeyPairGenerator
EC
keySize={192,521}
KeyPairGenerator
RSA
keySize={1024,4096}
KeyStore
PKCS11
MessageDigest
MD5
MessageDigest
SHA1
MessageDigest
SHA-256
MessageDigest
SHA-384
MessageDigest
SHA-512
SecureRandom
PKCS11
Signature
MD2withRSA
Signature
MD5withRSA
Signature
NONEwithECDSA
Signature
SHA1withECDSA
Signature
SHA1withRSA
Signature
SHA224withECDSA
Signature
SHA224withRSA
Signature
SHA256withECDSA
Signature
SHA256withRSA
Signature
SHA384withECDSA
Signature
SHA384withRSA
Signature
SHA512withECDSA
Signature
SHA512withRSA
And here those for Java 11:
Mechanism
Algorithm
AlgorithmParameters
EC
KeyAgreement
ECDH
KeyFactory
EC
KeyFactory
RSA
KeyPairGenerator
EC
KeyPairGenerator
RSA
MessageDigest
MD5
MessageDigest
SHA1
MessageDigest
SHA-256
MessageDigest
SHA-384
MessageDigest
SHA-512
Signature
MD5withRSA
Signature
NONEwithECDSA
Signature
NONEwithECDSAinP1363Format
Signature
RSASSA-PSS
Signature
SHA1withECDSA
Signature
SHA1withECDSAinP1363Format
Signature
SHA1withRSA
Signature
SHA1withRSASSA-PSS
Signature
SHA224withECDSA
Signature
SHA224withECDSAinP1363Format
Signature
SHA256withECDSA
Signature
SHA256withECDSAinP1363Format
Signature
SHA256withRSA
Signature
SHA256withRSASSA-PSS
Signature
SHA384withECDSA
Signature
SHA384withECDSAinP1363Format
Signature
SHA384withRSA
Signature
SHA512withECDSA
Signature
SHA512withECDSAinP1363Format
Signature
SHA512withRSA
So, we have two main questions:
Doesn’t the HSM2 supports encryption?
What can be done to enable, at least, support for decryption on Java > 8?
Thanks a lot!
pachulo:
Doesn’t the HSM2 supports encryption?
What can be done to enable, at least, support for decryption on Java > 8?
Hi @pachulo !
I do not entirely understand the motivation behind this commit, that is removing the partial support. Do you?
Regarding the questions:
AFAIK for the asymmetric algorithms the private key operations are done on the device, and public key ones on the host. Thus encryption is done on PC, and decryption through device (hence probably the only decrypt
note). For symmetric algos (like AES) both should be possible.
How about interfacing with OpenSC instead? Here is its Wiki for HSM .
You can look at the vendor’s support page as well.
pachulo
February 26, 2020, 9:43am
3
No, I don’t really get it either.
szszszsz:
AFAIK for the asymmetric algorithms the private key operations are done on the device, and public key ones on the host. Thus encryption is done on PC, and decryption through device (hence probably the only decrypt
note). For symmetric algos (like AES) both should be possible.
Yes, this it what we understand too. We were just wondering if this is a limitation of the hardware itself or just something implemented on the “software” over performance concerns (or other reasons).
szszszsz:
How about interfacing with OpenSC instead? Here is its Wiki for HSM .
Our idea was to use something “standard” as the Sun PKCS#11, so we can later use another HSM if we need to.
We will try to open a case there, thanks!
sc-hsm
February 27, 2020, 8:22am
4
The SUN PKCS#11 provider is often problematic and does not seem to be well supported.
That is the reason why we maintain OpenSC-Java .
There is also a JCE-Provider available for the SmartCard-HSM. Signed binaries are part of the Smart Card Shell, the source code is available in the CardContact Developer Network.
pachulo
February 27, 2020, 9:57am
5
Yes, we’ve also seen that, but the last commit is from 2 years ago, so, is it really maintained?
OK, we will try that.
pachulo:
Doesn’t the HSM2 supports asymmetric encryption?
What about this @sc-hsm ? Thanks!
sc-hsm
February 27, 2020, 12:20pm
6
Yes, the HSM supports asymmetric decryption with padding format PKCS#1 V1.5 and OAEP with SHA-1 MGF.
sc-hsm
February 27, 2020, 3:19pm
8
Encryption is a public key operation that is typically performed outside the HSM.
1 Like
pachulo
February 27, 2020, 3:46pm
9
sc-hsm:
Yes, we’ve also seen that, but the last commit is from 2 years ago, so, is it really maintained?
And what about this @sc-hsm ?
By the way, thanks a lot for your support!